12. Configuration
- 12.1. Suricata.yaml
  - 12.1.1. Max-pending-packets
  - 12.1.2. Runmodes
  - 12.1.3. Default-packet-size
  - 12.1.4. User and group
  - 12.1.5. PID File
  - 12.1.6. Action-order
  - 12.1.7. Packet alert queue settings
  - 12.1.8. Splitting configuration in multiple files
  - 12.1.9. Event output
    - 12.1.9.1. Default logging directory
    - 12.1.9.2. Stats
    - 12.1.9.3. Outputs
    - 12.1.9.4. Line based alerts log (fast.log)
    - 12.1.9.5. Eve (Extensible Event Format)
    - 12.1.9.6. TLS parameters and certificates logging (tls.log)
    - 12.1.9.7. A line based log of HTTP requests (http.log)
    - 12.1.9.8. Packet log (pcap-log)
    - 12.1.9.9. Verbose Alerts Log (alert-debug.log)
    - 12.1.9.10. Stats
    - 12.1.9.11. Syslog
    - 12.1.9.12. File-store (File Extraction)
  - 12.1.10. Detection engine
  - 12.1.11. Threading
  - 12.1.12. IP Defrag
  - 12.1.13. Flow and Stream handling
  - 12.1.14. Host Tracking
  - 12.1.15. Application Layer Parsers
  - 12.1.16. Engine Logging
  - 12.1.17. Packet Acquisition
  - 12.1.18. Rules
  - 12.1.19. Engine analysis and profiling
  - 12.1.20. Decoder
  - 12.1.21. Advanced Options
  - 12.1.22. Configuration hardening
- 12.2. Global-Thresholds
- 12.3. Exception Policies
- 12.4. Snort.conf to Suricata.yaml
- 12.5. Multi Tenancy
- 12.6. Dropping Privileges After Startup
- 12.7. Using Landlock LSM
- 12.8. systemd notification
- 12.9. Includes