suricata -c /home/sdgdb/etc/suricata.yaml --dump-config
2/4/2015 -- 14:10:21 - <Warning> - [ERRCODE: SC_WARN_DEPRECATED(203)] - prealloc_sessions is deprecated. Please use prealloc-sessions on line 704.
2/4/2015 -- 14:10:21 - <Notice> - This is Suricata version 2.0.3 RELEASE
2/4/2015 -- 14:10:21 - <Info> - CPUs/cores online: 2
max-pending-packets = 1024
runmode = workers
pid-file = /var/run/suricataSDGDB.pid
daemon-directory = /home/sdgdb
default-packet-size = 1532
default-log-dir = /data/suricata
unix-command = (null)
unix-command.enabled = no
outputs = (null)
outputs.0 = fast
outputs.0.fast = (null)
outputs.0.fast.enabled = no
outputs.0.fast.filename = fast.log
outputs.0.fast.append = yes
outputs.1 = eve-log
outputs.1.eve-log = (null)
outputs.1.eve-log.enabled = no
outputs.1.eve-log.type = file
outputs.1.eve-log.filename = eve.json
outputs.1.eve-log.types = (null)
outputs.1.eve-log.types.0 = alert
outputs.1.eve-log.types.1 = http
outputs.1.eve-log.types.1.http = (null)
outputs.1.eve-log.types.1.http.extended = yes
outputs.1.eve-log.types.2 = dns
outputs.1.eve-log.types.3 = tls
outputs.1.eve-log.types.3.tls = (null)
outputs.1.eve-log.types.3.tls.extended = yes
outputs.1.eve-log.types.4 = files
outputs.1.eve-log.types.4.files = (null)
outputs.1.eve-log.types.4.files.force-magic = no
outputs.1.eve-log.types.4.files.force-md5 = no
outputs.1.eve-log.types.5 = ssh
outputs.2 = unified2-alert
outputs.2.unified2-alert = (null)
outputs.2.unified2-alert.enabled = yes
outputs.2.unified2-alert.filename = suricata.u2
outputs.2.unified2-alert.limit = 10mb
outputs.2.unified2-alert.xff = (null)
outputs.2.unified2-alert.xff.enabled = no
outputs.2.unified2-alert.xff.mode = extra-data
outputs.2.unified2-alert.xff.header = X-Forwarded-For
outputs.3 = http-log
outputs.3.http-log = (null)
outputs.3.http-log.enabled = no
outputs.3.http-log.filename = http.log
outputs.3.http-log.append = yes
outputs.4 = tls-log
outputs.4.tls-log = (null)
outputs.4.tls-log.enabled = no
outputs.4.tls-log.filename = tls.log
outputs.4.tls-log.append = yes
outputs.4.tls-log.certs-log-dir = certs
outputs.5 = dns-log
outputs.5.dns-log = (null)
outputs.5.dns-log.enabled = no
outputs.5.dns-log.filename = dns.log
outputs.5.dns-log.append = yes
outputs.6 = pcap-info
outputs.6.pcap-info = (null)
outputs.6.pcap-info.enabled = no
outputs.7 = pcap-log
outputs.7.pcap-log = (null)
outputs.7.pcap-log.enabled = no
outputs.7.pcap-log.filename = log.pcap
outputs.7.pcap-log.limit = 100mb
outputs.7.pcap-log.max-files = 200
outputs.7.pcap-log.mode = normal
outputs.7.pcap-log.use-stream-depth = no
outputs.8 = alert-debug
outputs.8.alert-debug = (null)
outputs.8.alert-debug.enabled = no
outputs.8.alert-debug.filename = alert-debug.log
outputs.8.alert-debug.append = yes
outputs.9 = alert-prelude
outputs.9.alert-prelude = (null)
outputs.9.alert-prelude.enabled = no
outputs.9.alert-prelude.profile = suricata
outputs.9.alert-prelude.log-packet-content = no
outputs.9.alert-prelude.log-packet-header = yes
outputs.10 = stats
outputs.10.stats = (null)
outputs.10.stats.enabled = yes
outputs.10.stats.filename = stats.log
outputs.10.stats.interval = 3600
outputs.11 = syslog
outputs.11.syslog = (null)
outputs.11.syslog.enabled = no
outputs.11.syslog.facility = local5
outputs.12 = drop
outputs.12.drop = (null)
outputs.12.drop.enabled = no
outputs.12.drop.filename = drop.log
outputs.12.drop.append = yes
outputs.13 = file-store
outputs.13.file-store = (null)
outputs.13.file-store.enabled = no
outputs.13.file-store.log-dir = files
outputs.13.file-store.force-magic = no
outputs.13.file-store.force-md5 = no
outputs.14 = file-log
outputs.14.file-log = (null)
outputs.14.file-log.enabled = no
outputs.14.file-log.filename = files-json.log
outputs.14.file-log.append = yes
outputs.14.file-log.force-magic = no
outputs.14.file-log.force-md5 = no
magic-file = /usr/share/file/magic
nfq =
nflog = (null)
nflog.0 = group
nflog.0.group = 2
nflog.0.buffer-size = 18432
nflog.1 = group
nflog.1.group = default
nflog.1.qthreshold = 1
nflog.1.qtimeout = 100
nflog.1.max-size = 20000
af-packet = (null)
af-packet.0 =
af-packet.1 = interface
af-packet.1.interface = eth3
af-packet.1.threads = 2
af-packet.1.cluster-id = 98
af-packet.1.defrag = yes
af-packet.1.use-mmap = yes
af-packet.1.cluster-type = cluster_flow
af-packet.2 = interface
af-packet.2.interface = eth2
af-packet.2.threads = 2
af-packet.2.cluster-id = 99
af-packet.2.defrag = yes
af-packet.2.use-mmap = yes
af-packet.2.cluster-type = cluster_flow
legacy = (null)
legacy.uricontent = disabled
threshold-file = /home/sdgdb/etc/threshold.config
detect-engine = (null)
detect-engine.0 = profile
detect-engine.0.profile = low
detect-engine.1 = custom-values
detect-engine.1.custom-values = (null)
detect-engine.1.custom-values.toclient-src-groups = 2
detect-engine.1.custom-values.toclient-dst-groups = 2
detect-engine.1.custom-values.toclient-sp-groups = 2
detect-engine.1.custom-values.toclient-dp-groups = 3
detect-engine.1.custom-values.toserver-src-groups = 2
detect-engine.1.custom-values.toserver-dst-groups = 4
detect-engine.1.custom-values.toserver-sp-groups = 2
detect-engine.1.custom-values.toserver-dp-groups = 25
detect-engine.2 = sgh-mpm-context
detect-engine.2.sgh-mpm-context = auto
detect-engine.3 = inspection-recursion-limit
detect-engine.3.inspection-recursion-limit = 3000
detect-engine.4 = rule-reload
detect-engine.4.rule-reload = true
threading = (null)
threading.set-cpu-affinity = no
threading.cpu-affinity = (null)
threading.cpu-affinity.0 = management-cpu-set
threading.cpu-affinity.0.management-cpu-set = (null)
threading.cpu-affinity.0.management-cpu-set.cpu = (null)
threading.cpu-affinity.0.management-cpu-set.cpu.0 = 0
threading.cpu-affinity.1 = receive-cpu-set
threading.cpu-affinity.1.receive-cpu-set = (null)
threading.cpu-affinity.1.receive-cpu-set.cpu = (null)
threading.cpu-affinity.1.receive-cpu-set.cpu.0 = 0
threading.cpu-affinity.2 = decode-cpu-set
threading.cpu-affinity.2.decode-cpu-set = (null)
threading.cpu-affinity.2.decode-cpu-set.cpu = (null)
threading.cpu-affinity.2.decode-cpu-set.cpu.0 = 0
threading.cpu-affinity.2.decode-cpu-set.cpu.1 = 1
threading.cpu-affinity.2.decode-cpu-set.mode = balanced
threading.cpu-affinity.3 = stream-cpu-set
threading.cpu-affinity.3.stream-cpu-set = (null)
threading.cpu-affinity.3.stream-cpu-set.cpu = (null)
threading.cpu-affinity.3.stream-cpu-set.cpu.0 = 0-1
threading.cpu-affinity.4 = detect-cpu-set
threading.cpu-affinity.4.detect-cpu-set = (null)
threading.cpu-affinity.4.detect-cpu-set.cpu = (null)
threading.cpu-affinity.4.detect-cpu-set.cpu.0 = all
threading.cpu-affinity.4.detect-cpu-set.mode = exclusive
threading.cpu-affinity.4.detect-cpu-set.prio = (null)
threading.cpu-affinity.4.detect-cpu-set.prio.low = (null)
threading.cpu-affinity.4.detect-cpu-set.prio.low.0 = 0
threading.cpu-affinity.4.detect-cpu-set.prio.medium = (null)
threading.cpu-affinity.4.detect-cpu-set.prio.medium.0 = 1-2
threading.cpu-affinity.4.detect-cpu-set.prio.high = (null)
threading.cpu-affinity.4.detect-cpu-set.prio.high.0 = 3
threading.cpu-affinity.4.detect-cpu-set.prio.default = medium
threading.cpu-affinity.5 = verdict-cpu-set
threading.cpu-affinity.5.verdict-cpu-set = (null)
threading.cpu-affinity.5.verdict-cpu-set.cpu = (null)
threading.cpu-affinity.5.verdict-cpu-set.cpu.0 = 0
threading.cpu-affinity.5.verdict-cpu-set.prio = (null)
threading.cpu-affinity.5.verdict-cpu-set.prio.default = high
threading.cpu-affinity.6 = reject-cpu-set
threading.cpu-affinity.6.reject-cpu-set = (null)
threading.cpu-affinity.6.reject-cpu-set.cpu = (null)
threading.cpu-affinity.6.reject-cpu-set.cpu.0 = 0
threading.cpu-affinity.6.reject-cpu-set.prio = (null)
threading.cpu-affinity.6.reject-cpu-set.prio.default = low
threading.cpu-affinity.7 = output-cpu-set
threading.cpu-affinity.7.output-cpu-set = (null)
threading.cpu-affinity.7.output-cpu-set.cpu = (null)
threading.cpu-affinity.7.output-cpu-set.cpu.0 = all
threading.cpu-affinity.7.output-cpu-set.prio = (null)
threading.cpu-affinity.7.output-cpu-set.prio.default = medium
threading.detect-thread-ratio = 1.5
cuda = (null)
cuda.mpm = (null)
cuda.mpm.data-buffer-size-min-limit = 0
cuda.mpm.data-buffer-size-max-limit = 1500
cuda.mpm.cudabuffer-buffer-size = 500mb
cuda.mpm.gpu-transfer-size = 50mb
cuda.mpm.batching-timeout = 2000
cuda.mpm.device-id = 0
cuda.mpm.cuda-streams = 2
mpm-algo = ac
pattern-matcher = (null)
pattern-matcher.0 = b2gc
pattern-matcher.0.b2gc = (null)
pattern-matcher.0.b2gc.search-algo = B2gSearchBNDMq
pattern-matcher.0.b2gc.hash-size = low
pattern-matcher.0.b2gc.bf-size = medium
pattern-matcher.1 = b2gm
pattern-matcher.1.b2gm = (null)
pattern-matcher.1.b2gm.search-algo = B2gSearchBNDMq
pattern-matcher.1.b2gm.hash-size = low
pattern-matcher.1.b2gm.bf-size = medium
pattern-matcher.2 = b2g
pattern-matcher.2.b2g = (null)
pattern-matcher.2.b2g.search-algo = B2gSearchBNDMq
pattern-matcher.2.b2g.hash-size = low
pattern-matcher.2.b2g.bf-size = medium
pattern-matcher.3 = b3g
pattern-matcher.3.b3g = (null)
pattern-matcher.3.b3g.search-algo = B3gSearchBNDMq
pattern-matcher.3.b3g.hash-size = low
pattern-matcher.3.b3g.bf-size = medium
pattern-matcher.4 = wumanber
pattern-matcher.4.wumanber = (null)
pattern-matcher.4.wumanber.hash-size = low
pattern-matcher.4.wumanber.bf-size = medium
defrag = (null)
defrag.memcap = 32mb
defrag.hash-size = 65536
defrag.trackers = 65535
defrag.max-frags = 65535
defrag.prealloc = yes
defrag.timeout = 30
flow = (null)
flow.memcap = 400mb
flow.hash-size = 1048576
flow.prealloc = 10000
flow.emergency-recovery = 30
vlan = (null)
vlan.use-for-tracking = true
flow-timeouts = (null)
flow-timeouts.default = (null)
flow-timeouts.default.new = 3
flow-timeouts.default.established = 5
flow-timeouts.default.closed = 0
flow-timeouts.default.emergency-new = 3
flow-timeouts.default.emergency-established = 5
flow-timeouts.default.emergency-closed = 0
flow-timeouts.tcp = (null)
flow-timeouts.tcp.new = 6
flow-timeouts.tcp.established = 8
flow-timeouts.tcp.closed = 0
flow-timeouts.tcp.emergency-new = 3
flow-timeouts.tcp.emergency-established = 5
flow-timeouts.tcp.emergency-closed = 0
flow-timeouts.udp = (null)
flow-timeouts.udp.new = 3
flow-timeouts.udp.established = 8
flow-timeouts.udp.emergency-new = 3
flow-timeouts.udp.emergency-established = 5
flow-timeouts.icmp = (null)
flow-timeouts.icmp.new = 3
flow-timeouts.icmp.established = 8
flow-timeouts.icmp.emergency-new = 1
flow-timeouts.icmp.emergency-established = 5
stream = (null)
stream.memcap = 300mb
stream.checksum-validation = no
stream.inline = no
stream.midstream = yes
stream.async-oneside = true
stream.prealloc-sessions = 10000
stream.reassembly = (null)
stream.reassembly.memcap = 2300mb
stream.reassembly.depth = 1mb
stream.reassembly.toserver-chunk-size = 2560
stream.reassembly.toclient-chunk-size = 2560
stream.reassembly.randomize-chunk-size = yes
host = (null)
host.hash-size = 4096
host.prealloc = 1000
host.memcap = 16777216
logging = (null)
logging.default-log-level = info
logging.default-output-filter =
logging.outputs = (null)
logging.outputs.0 = console
logging.outputs.0.console = (null)
logging.outputs.0.console.enabled = yes
logging.outputs.1 = file
logging.outputs.1.file = (null)
logging.outputs.1.file.enabled = yes
logging.outputs.1.file.filename = /data/logs/suricata/suricata.log
logging.outputs.2 = syslog
logging.outputs.2.syslog = (null)
logging.outputs.2.syslog.enabled = no
logging.outputs.2.syslog.facility = local5
logging.outputs.2.syslog.format = [%i] <%d> --
mpipe = (null)
mpipe.load-balance = dynamic
mpipe.iqueue-packets = 512
mpipe.inputs = (null)
mpipe.inputs.0 = interface
mpipe.inputs.0.interface = xgbe2
mpipe.inputs.1 = interface
mpipe.inputs.1.interface = xgbe3
mpipe.inputs.2 = interface
mpipe.inputs.2.interface = xgbe4
mpipe.stack = (null)
mpipe.stack.size128 = 0
mpipe.stack.size256 = 9
mpipe.stack.size512 = 0
mpipe.stack.size1024 = 0
mpipe.stack.size1664 = 7
mpipe.stack.size4096 = 0
mpipe.stack.size10386 = 0
mpipe.stack.size16384 = 0
mpipe.stack.cluster-type = cluster_flow
pfring = (null)
pfring.0 = interface
pfring.0.interface = eth3
pfring.0.threads = 2
pfring.0.cluster-id = 98
pfring.0.cluster-type = cluster_flow
pfring.1 = interface
pfring.1.interface = eth2
pfring.1.threads = 2
pfring.1.cluster-id = 99
pfring.1.cluster-type = cluster_flow
pcap = (null)
pcap.0 = interface
pcap.0.interface = eth0
pcap.1 = interface
pcap.1.interface = default
pcap-file = (null)
pcap-file.checksum-checks = auto
ipfw =
default-rule-path = /home/sdgdb/etc
rule-files = (null)
rule-files.0 = sdgdb.rules
classification-file = /home/sdgdb/etc/classification.config
reference-config-file = /home/sdgdb/etc/reference.config
vars = (null)
vars.address-groups = (null)
vars.address-groups.HOME_NET = [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
vars.address-groups.EXTERNAL_NET = !$HOME_NET
vars.address-groups.HTTP_SERVERS = $HOME_NET
vars.address-groups.SMTP_SERVERS = $HOME_NET
vars.address-groups.SQL_SERVERS = $HOME_NET
vars.address-groups.DNS_SERVERS = $HOME_NET
vars.address-groups.TELNET_SERVERS = $HOME_NET
vars.address-groups.AIM_SERVERS = $EXTERNAL_NET
vars.address-groups.DNP3_SERVER = $HOME_NET
vars.address-groups.DNP3_CLIENT = $HOME_NET
vars.address-groups.MODBUS_CLIENT = $HOME_NET
vars.address-groups.MODBUS_SERVER = $HOME_NET
vars.address-groups.ENIP_CLIENT = $HOME_NET
vars.address-groups.ENIP_SERVER = $HOME_NET
vars.port-groups = (null)
vars.port-groups.HTTP_PORTS = 80
vars.port-groups.SHELLCODE_PORTS = !80
vars.port-groups.ORACLE_PORTS = 1521
vars.port-groups.SSH_PORTS = 22
vars.port-groups.DNP3_PORTS = 20000
action-order = (null)
action-order.0 = pass
action-order.1 = drop
action-order.2 = reject
action-order.3 = alert
host-os-policy = (null)
host-os-policy.windows = (null)
host-os-policy.windows.0 = 0.0.0.0/0
host-os-policy.bsd = (null)
host-os-policy.bsd-right = (null)
host-os-policy.old-linux = (null)
host-os-policy.linux = (null)
host-os-policy.linux.0 = 10.0.0.0/8
host-os-policy.linux.1 = 192.168.1.100
host-os-policy.linux.2 = 8762:2352:6241:7245:E000:0000:0000:0000
host-os-policy.linux.3 = 126.198.135.11
host-os-policy.old-solaris = (null)
host-os-policy.solaris = (null)
host-os-policy.solaris.0 = ::1
host-os-policy.hpux10 = (null)
host-os-policy.hpux11 = (null)
host-os-policy.irix = (null)
host-os-policy.macos = (null)
host-os-policy.vista = (null)
host-os-policy.windows2k3 = (null)
asn1-max-frames = 256
engine-analysis = (null)
engine-analysis.rules-fast-pattern = yes
engine-analysis.rules = yes
pcre = (null)
pcre.match-limit = 3500
pcre.match-limit-recursion = 1500
app-layer = (null)
app-layer.protocols = (null)
app-layer.protocols.tls = (null)
app-layer.protocols.tls.enabled = no
app-layer.protocols.tls.detection-ports = (null)
app-layer.protocols.tls.detection-ports.dp = 443
app-layer.protocols.dcerpc = (null)
app-layer.protocols.dcerpc.enabled = yes
app-layer.protocols.ftp = (null)
app-layer.protocols.ftp.enabled = no
app-layer.protocols.ssh = (null)
app-layer.protocols.ssh.enabled = no
app-layer.protocols.smtp = (null)
app-layer.protocols.smtp.enabled = no
app-layer.protocols.imap = (null)
app-layer.protocols.imap.enabled = no
app-layer.protocols.msn = (null)
app-layer.protocols.msn.enabled = no
app-layer.protocols.smb = (null)
app-layer.protocols.smb.enabled = no
app-layer.protocols.smb.detection-ports = (null)
app-layer.protocols.smb.detection-ports.dp = 139
app-layer.protocols.dns = (null)
app-layer.protocols.dns.global-memcap = 128kb
app-layer.protocols.dns.state-memcap = 64kb
app-layer.protocols.dns.tcp = (null)
app-layer.protocols.dns.tcp.enabled = yes
app-layer.protocols.dns.tcp.detection-ports = (null)
app-layer.protocols.dns.tcp.detection-ports.dp = 53
app-layer.protocols.dns.udp = (null)
app-layer.protocols.dns.udp.enabled = yes
app-layer.protocols.dns.udp.detection-ports = (null)
app-layer.protocols.dns.udp.detection-ports.dp = 53
app-layer.protocols.http = (null)
app-layer.protocols.http.enabled = yes
app-layer.protocols.http.libhtp = (null)
app-layer.protocols.http.libhtp.default-config = (null)
app-layer.protocols.http.libhtp.default-config.personality = IDS
app-layer.protocols.http.libhtp.default-config.request-body-limit = 3072
app-layer.protocols.http.libhtp.default-config.response-body-limit = 3072
app-layer.protocols.http.libhtp.default-config.request-body-minimal-inspect-size = 32kb
app-layer.protocols.http.libhtp.default-config.request-body-inspect-window = 7kb
app-layer.protocols.http.libhtp.default-config.response-body-minimal-inspect-size = 32kb
app-layer.protocols.http.libhtp.default-config.response-body-inspect-window = 7kb
app-layer.protocols.http.libhtp.default-config.double-decode-path = no
app-layer.protocols.http.libhtp.default-config.double-decode-query = no
app-layer.protocols.http.libhtp.server-config =
profiling = (null)
profiling.sample-rate = 1000
profiling.rules = (null)
profiling.rules.enabled = no
profiling.rules.filename = rule_perf.log
profiling.rules.append = yes
profiling.rules.sort = avgticks
profiling.rules.limit = 100
profiling.keywords = (null)
profiling.keywords.enabled = no
profiling.keywords.filename = keyword_perf.log
profiling.keywords.append = yes
profiling.packets = (null)
profiling.packets.enabled = no
profiling.packets.filename = packet_stats.log
profiling.packets.append = yes
profiling.packets.csv = (null)
profiling.packets.csv.enabled = no
profiling.packets.csv.filename = packet_stats.csv
profiling.locks = (null)
profiling.locks.enabled = no
profiling.locks.filename = lock_stats.log
profiling.locks.append = yes
coredump = (null)
coredump.max-dump = unlimited
napatech = (null)
napatech.hba = -1
napatech.use-all-streams = yes
napatech.streams = (null)
napatech.streams.0 = 1
napatech.streams.1 = 2
napatech.streams.2 = 3