11. Configuration
- 11.1. Suricata.yaml
- 11.1.1. Max-pending-packets
- 11.1.2. Runmodes
- 11.1.3. Default-packet-size
- 11.1.4. User and group
- 11.1.5. PID File
- 11.1.6. Action-order
- 11.1.7. Packet alert queue settings
- 11.1.8. Splitting configuration in multiple files
- 11.1.9. Event output
- 11.1.9.1. Default logging directory
- 11.1.9.2. Stats
- 11.1.9.3. Outputs
- 11.1.9.4. Line based alerts log (fast.log)
- 11.1.9.5. Eve (Extensible Event Format)
- 11.1.9.6. A line based log of HTTP requests (http.log)
- 11.1.9.7. Packet log (pcap-log)
- 11.1.9.8. Verbose Alerts Log (alert-debug.log)
- 11.1.9.9. Alert output to prelude (alert-prelude)
- 11.1.9.10. Stats
- 11.1.9.11. Syslog
- 11.1.9.12. File-store (File Extraction)
- 11.1.10. Detection engine
- 11.1.11. Threading
- 11.1.12. IP Defrag
- 11.1.13. Flow and Stream handling
- 11.1.14. Application Layer Parsers
- 11.1.15. Engine Logging
- 11.1.16. Packet Acquisition
- 11.1.17. Rules
- 11.1.18. Engine analysis and profiling
- 11.1.19. Decoder
- 11.1.20. Advanced Options
- 11.1.21. Configuration hardening
- 11.2. Global-Thresholds
- 11.3. Exception Policies
- 11.4. Snort.conf to Suricata.yaml
- 11.5. Multi Tenancy
- 11.6. Dropping Privileges After Startup