Diffstat (limited to 'config/suricata/suricata_generate_yaml.php')
-rw-r--r-- | config/suricata/suricata_generate_yaml.php | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php
index 328702b9..3394ad4c 100644
--- a/config/suricata/suricata_generate_yaml.php
+++ b/config/suricata/suricata_generate_yaml.php
@@ -292,6 +292,7 @@ if (!empty($suricatacfg['max_pcap_log_files']))
 else
 	$pcap_log_max_files = "1000";
 
+// Unified2 Alert Log Settings
 if ($suricatacfg['barnyard_enable'] == 'on')
 	$barnyard2_enabled = "yes";
 else
@@ -307,6 +308,28 @@ if (isset($suricatacfg['barnyard_sensor_id']))
 else
 	$unified2_sensor_id = "0";
 
+// Unified2 X-Forwarded-For logging options
+if ($suricatacfg['barnyard_xff_logging'] == 'on') {
+	$unified2_xff_output = "xff:";
+	$unified2_xff_output .= "\n enabled: yes";
+	if (!empty($suricatacfg['barnyard_xff_mode']))
+		$unified2_xff_output .= "\n mode: {$suricatacfg['barnyard_xff_mode']}";
+	else
+		$unified2_xff_output .= "\n mode: extra-data";
+	if (!empty($suricatacfg['barnyard_xff_deployment']))
+		$unified2_xff_output .= "\n deployment: {$suricatacfg['barnyard_xff_deployment']}";
+	else
+		$unified2_xff_output .= "\n deployment: reverse";
+	if (!empty($suricatacfg['barnyard_xff_header']))
+		$unified2_xff_output .= "\n header: {$suricatacfg['barnyard_xff_header']}";
+	else
+		$unified2_xff_output .= "\n header: X-Forwarded-For";
+}
+else {
+	$unified2_xff_output = "xff:";
+	$unified2_xff_output .= "\n enabled: no";
+}
+
 // EVE JSON log output settings
 if ($suricatacfg['enable_eve_log'] == 'on')
 	$enable_eve_log = "yes";
@@ -494,7 +517,7 @@ else
 if (!empty($suricatacfg['stream_memcap']))
 	$stream_memcap = $suricatacfg['stream_memcap'];
 else
-	$stream_memcap = "33554432";
+	$stream_memcap = "67108864";
 
 if (!empty($suricatacfg['stream_prealloc_sessions']))
 	$stream_prealloc_sessions = $suricatacfg['stream_prealloc_sessions'];
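Review bot: The three `barnyard_xff_*` values in the second hunk are interpolated into the generated YAML text as-is, so a stored `mode` or `deployment` outside the set Suricata accepts, or a `header` containing `:`, `#`, or a newline, produces a suricata.yaml that fails to load (or, for the header, alters the document structure), which is a self-inflicted outage rather than a startup with the documented default. These values presumably come from the package's saved config via the GUI, so the risk is administrator error rather than an untrusted caller, but the generator is the last place that can cheaply refuse a bad value. I would whitelist `mode` and `deployment` against the values Suricata's xff section accepts and restrict `header` to RFC 7230 token characters, falling back to the same defaults the hunk already uses; the rewritten enabled branch is below, with the disabled branch unchanged.
```php
// Unified2 X-Forwarded-For logging options
if ($suricatacfg['barnyard_xff_logging'] == 'on') {
	// Only the values Suricata accepts for these keys are passed through; any
	// other stored value would make the generated suricata.yaml fail to load,
	// so fall back to the defaults instead.
	$cfg_mode = isset($suricatacfg['barnyard_xff_mode']) ? $suricatacfg['barnyard_xff_mode'] : '';
	$cfg_deployment = isset($suricatacfg['barnyard_xff_deployment']) ? $suricatacfg['barnyard_xff_deployment'] : '';
	$xff_mode = in_array($cfg_mode, array('extra-data', 'overwrite'), true) ? $cfg_mode : 'extra-data';
	$xff_deployment = in_array($cfg_deployment, array('reverse', 'forward'), true) ? $cfg_deployment : 'reverse';
	// Header names are RFC 7230 tokens; dropping anything else keeps ':', '#',
	// whitespace and newlines out of the YAML scalar.
	$xff_header = isset($suricatacfg['barnyard_xff_header']) ? (string)$suricatacfg['barnyard_xff_header'] : '';
	$xff_header = preg_replace('/[^A-Za-z0-9!#$%&\'*+.^_`|~-]/', '', $xff_header);
	if ($xff_header === '')
		$xff_header = 'X-Forwarded-For';
	$unified2_xff_output = "xff:";
	$unified2_xff_output .= "\n enabled: yes";
	$unified2_xff_output .= "\n mode: {$xff_mode}";
	$unified2_xff_output .= "\n deployment: {$xff_deployment}";
	$unified2_xff_output .= "\n header: {$xff_header}";
}
// … unchanged: disabled branch (enabled: no) …
```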