From 0a2d7fa809a9608c5063dd1a352fb53e9e7073a1 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Mon, 9 Nov 2015 22:25:06 -0500
Subject: Add support for X-Forwarded-For info to Unified2 log output options.

---
 config/suricata/suricata_migrate_config.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'config/suricata/suricata_migrate_config.php')

diff --git a/config/suricata/suricata_migrate_config.php b/config/suricata/suricata_migrate_config.php
index 2fd5f96e..8cf69ba6 100644
--- a/config/suricata/suricata_migrate_config.php
+++ b/config/suricata/suricata_migrate_config.php
@@ -471,6 +471,26 @@ foreach ($rule as &$r) {
 		$updated_cfg = true;
 	}
 
+	/**********************************************************/
+	/* Create interface Unified2 XFF log settings if not set  */
+	/**********************************************************/
+	if (!isset($pconfig['barnyard_log_xff'])) {
+		$pconfig['barnyard_log_xff'] = "off";
+		$updated_cfg = true;
+	}
+	if (!isset($pconfig['barnyard_xff_mode'])) {
+		$pconfig['barnyard_xff_mode'] = "extra-data";
+		$updated_cfg = true;
+	}
+	if (!isset($pconfig['barnyard_xff_deployment'])) {
+		$pconfig['barnyard_xff_deployment'] = "reverse";
+		$updated_cfg = true;
+	}
+	if (empty($pconfig['barnyard_xff_header'])) {
+		$pconfig['barnyard_xff_header'] = "X-Forwarded-For";
+		$updated_cfg = true;
+	}
+
 	// Save the new configuration data into the $config array pointer
 	$r = $pconfig;
 }
-- 
cgit v1.2.3