authorStephane Lapie <stephane.lapie@asahinet.com>2014-09-09 10:38:18 +0900
committerStephane Lapie <stephane.lapie@asahinet.com>2014-09-09 10:38:18 +0900
commit2540793065bc8539001aec717745474569c8ff77 (patch)
tree0160e83bf24c77dfa9d73e2d2d2ce5eeb90610bb /config/suricata/suricata_yaml_template.inc
parentc93a3c793d53e9076b49e05c32a7c132329ff353 (diff)
parent8a33d84b6e7d52e2e7dd414c03428ce6da0296a2 (diff)
Merge git+ssh://github.com/pfsense/pfsense-packages
Diffstat (limited to 'config/suricata/suricata_yaml_template.inc')
-rw-r--r--config/suricata/suricata_yaml_template.inc79
1 files changed, 69 insertions, 10 deletions
diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc
index 44fd1d5f..82c449d3 100644
--- a/config/suricata/suricata_yaml_template.inc
+++ b/config/suricata/suricata_yaml_template.inc
@@ -15,6 +15,10 @@ max-pending-packets: {$max_pend_pkts}
# Runmode the engine should use.
runmode: autofp
+# If set to auto, the variable is internally switched to 'router' in IPS
+# mode and 'sniffer-only' in IDS mode.
+host-mode: auto
+
# Specifies the kind of flow load balancer used by the flow pinned autofp mode.
autofp-scheduler: active-packets
@@ -55,9 +59,7 @@ outputs:
enabled: {$http_log_enabled}
filename: http.log
append: {$http_log_append}
- #extended: yes # enable this for extended logging information
- #custom: yes # enabled the custom logging format (defined by customformat)
- #customformat: "%{%D-%H:%M:%S}t.%z %{X-Forwarded-For}i %H %m %h %u %s %B %a:%p -> %A:%P"
+ extended: {$http_log_extended}
filetype: regular
- pcap-log:
@@ -82,8 +84,8 @@ outputs:
- syslog:
enabled: {$alert_syslog}
identity: suricata
- facility: auth
- level: Info
+ facility: {$alert_syslog_facility}
+ level: {$alert_syslog_priority}
- drop:
enabled: no
@@ -94,8 +96,8 @@ outputs:
- file-store:
enabled: {$file_store_enabled}
log-dir: files
- force-magic: no
- force-md5: no
+ force-magic: {$json_log_magic}
+ force-md5: {$json_log_md5}
waldo: file.waldo
- file-log:
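Review bot: `force-magic: {$json_log_magic}` and `force-md5: {$json_log_md5}` in the file-store block reuse the variables that the file-log block (visible at the start of the next hunk) also consumes, so the two outputs can no longer be tuned independently and the `json_` prefix misdescribes where the value lands. If sharing is intended, say so in the template, e.g. `# file-store deliberately reuses the file-log (JSON) magic/md5 settings`; otherwise give file-store its own template variables so a reader does not assume the two settings are unrelated. Since force-md5 is, as far as I know of Suricata, what makes stored files hashable for later matching against known-bad lists, the knob that controls it should be discoverable from the file-store stanza itself.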
@@ -106,6 +108,21 @@ outputs:
force-magic: {$json_log_magic}
force-md5: {$json_log_md5}
+ - dns-log:
+ enabled: {$dns_log_enabled}
+ filename: dns.log
+ append: {$dns_log_append}
+ filetype: regular
+
+ - eve-log:
+ enabled: {$enable_eve_log}
+ type: {$eve_output_type}
+ filename: eve.json
+ identity: "suricata"
+ facility: {$eve_systemlog_facility}
+ level: {$eve_systemlog_priority}
+ types: {$eve_out_types}
+
# Magic file. The extension .mgc is added to the value here.
magic-file: /usr/share/misc/magic
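Review bot: `types: {$eve_out_types}` only yields a usable eve-log stanza if the PHP side renders a complete YAML sequence on that line; an empty or scalar expansion leaves `types` as null, which is unlikely to be treated by Suricata as "log everything" and would silently produce an empty eve.json. A comment above the line stating the expected expansion, e.g. `# $eve_out_types must render as a YAML list of output types (for example a flow list such as [alert, http, dns])`, would make the contract visible to whoever generates the value. Separately, `identity: "suricata"` is quoted here while the alert syslog block at `identity: suricata` leaves it plain; pick one form for both.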
@@ -233,12 +250,13 @@ logging:
filename: {$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/suricata.log
- syslog:
enabled: {$suricata_use_syslog}
- facility: auth
+ facility: {$suricata_use_syslog_facility}
format: "[%i] <%d> -- "
pcap:
- interface: {$if_real}
checksum-checks: auto
+ promisc: {$intf_promisc_mode}
# For FreeBSD ipfw(8) divert(4) support.
# ipfw add 100 divert 8000 ip from any to any
@@ -276,8 +294,8 @@ action-order:
- alert
# IP Reputation
-#reputation-categories-file: {$suricatacfgdir}/iprep/categories.txt
-#default-reputation-path: {$suricatacfgdir}/iprep
+#reputation-categories-file: {$iprep_path}/categories.txt
+#default-reputation-path: {$iprep_path}
#reputation-files:
# - reputation.list
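Review bot: `{$iprep_path}` is introduced only inside lines that remain commented out (`#reputation-categories-file` and `#default-reputation-path`), so as far as this hunk shows the new variable has no effect on the generated configuration. If IP reputation is meant to become configurable, those lines need to be emitted uncommented, presumably behind a template switch like the other outputs; if the intent is only to keep the example current, a short comment such as `# Example only: IP reputation is not enabled by this template` would stop someone from expecting the setting to be live.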
@@ -293,6 +311,47 @@ pcre:
match-limit: 3500
match-limit-recursion: 1500
+# Holds details on the app-layer. The protocols section details each protocol.
+app-layer:
+ protocols:
+ tls:
+ enabled: {$tls_parser}
+ detection-ports:
+ dp: 443
+ #no-reassemble: yes
+ dcerpc:
+ enabled: {$dcerpc_parser}
+ ftp:
+ enabled: {$ftp_parser}
+ ssh:
+ enabled: {$ssh_parser}
+ smtp:
+ enabled: {$smtp_parser}
+ imap:
+ enabled: {$imap_parser}
+ msn:
+ enabled: {$msn_parser}
+ smb:
+ enabled: {$smb_parser}
+ detection-ports:
+ dp: 139
+ dns:
+ global-memcap: {$dns_global_memcap}
+ state-memcap: {$dns_state_memcap}
+ request-flood: {$dns_request_flood_limit}
+
+ tcp:
+ enabled: {$dns_parser_tcp}
+ detection-ports:
+ dp: 53
+ udp:
+ enabled: {$dns_parser_udp}
+ detection-ports:
+ dp: 53
+ http:
+ enabled: {$http_parser}
+ memcap: {$http_parser_memcap}
+
###########################################################################
# Configure libhtp.
libhtp:
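Review bot: The per-protocol `enabled: {$..._parser}` switches added under `app-layer: protocols:` carry no explanation of their detection consequence: as far as I know of Suricata behaviour, turning a parser off means rules that rely on that protocol's app-layer keywords can no longer match and those flows fall back to raw payload inspection only, which is easy to misread as a harmless memory saving from the GUI side. A comment at the top of the stanza, e.g. `# Disabling a protocol parser also silences every rule that uses that protocol's keywords`, would make the trade-off explicit. The `dns:` values `global-memcap`, `state-memcap` and `request-flood` are likewise undocumented; one line noting that they bound parser memory and request rate against flooding would help the next maintainer. The `libhtp:` section starts on the hunk's last line and continues outside it.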