
Bug #2423 » 4.0.3.cfg

output from suricata --dump-config - Steve Castellarin, 01/18/2018 08:47 AM

 
vars = (null)
vars.address-groups = (null)
vars.address-groups.HOME_NET = [<REMOVED>]
vars.address-groups.EXTERNAL_NET = !$HOME_NET
vars.address-groups.HTTP_SERVERS = $HOME_NET
vars.address-groups.SMTP_SERVERS = $HOME_NET
vars.address-groups.SQL_SERVERS = $HOME_NET
vars.address-groups.DNS_SERVERS = $HOME_NET
vars.address-groups.TELNET_SERVERS = $HOME_NET
vars.address-groups.AIM_SERVERS = $EXTERNAL_NET
vars.address-groups.DNP3_SERVER = $HOME_NET
vars.address-groups.DNP3_CLIENT = $HOME_NET
vars.address-groups.MODBUS_CLIENT = $HOME_NET
vars.address-groups.MODBUS_SERVER = $HOME_NET
vars.address-groups.ENIP_CLIENT = $HOME_NET
vars.address-groups.ENIP_SERVER = $HOME_NET
vars.port-groups = (null)
vars.port-groups.HTTP_PORTS = 80,8080
vars.port-groups.SHELLCODE_PORTS = !80
vars.port-groups.ORACLE_PORTS = 1521
vars.port-groups.SSH_PORTS = 22
vars.port-groups.DNP3_PORTS = 20000
vars.port-groups.MODBUS_PORTS = 502
vars.port-groups.FILE_DATA_PORTS = [$HTTP_PORTS,110,143]
vars.port-groups.FTP_PORTS = 21
vars.port-groups.SERVER_PORTS = 21,22,23,80,81,443,591,901,1533,3128,8000,8080,8081,8443
default-rule-path = /etc/suricata/rules
rule-files = (null)
rule-files.0 = etpro/exploit.rules
rule-files.1 = etpro/malware.rules
rule-files.2 = etpro/mobile_malware.rules
rule-files.3 = etpro/scan.rules
rule-files.4 = etpro/trojan.rules
rule-files.5 = etpro/worm.rules
rule-files.6 = etpro/current_events.rules
rule-files.7 = etpro/user_agents.rules
rule-files.8 = etpro/web_server.rules
rule-files.9 = custom.rules
rule-files.10 = <REMOVED>
rule-files.11 = <REMOVED>
classification-file = /etc/suricata/classification.config
reference-config-file = /etc/suricata/reference.config
default-log-dir = /var/log/suricata/
stats = (null)
stats.enabled = yes
stats.interval = 8
outputs = (null)
outputs.0 = fast
outputs.0.fast = (null)
outputs.0.fast.enabled = yes
outputs.0.fast.filename = fast.log
outputs.0.fast.append = yes
outputs.1 = eve-log
outputs.1.eve-log = (null)
outputs.1.eve-log.enabled = yes
outputs.1.eve-log.filetype = regular
outputs.1.eve-log.filename = eve-%y-%m-%d-%H-%M.json
outputs.1.eve-log.rotate-interval = 30m
outputs.1.eve-log.types = (null)
outputs.1.eve-log.types.0 = dns
outputs.1.eve-log.types.0.dns = (null)
outputs.1.eve-log.types.0.dns.query = yes
outputs.1.eve-log.types.0.dns.answer = yes
outputs.2 = alert-debug
outputs.2.alert-debug = (null)
outputs.2.alert-debug.enabled = no
outputs.2.alert-debug.filename = alert-debug.log
outputs.2.alert-debug.append = yes
outputs.3 = stats
outputs.3.stats = (null)
outputs.3.stats.enabled = yes
outputs.3.stats.filename = stats.log
outputs.3.stats.totals = yes
outputs.3.stats.threads = no
outputs.4 = syslog
outputs.4.syslog = (null)
outputs.4.syslog.enabled = no
outputs.4.syslog.facility = local5
logging = (null)
logging.default-log-level = notice
logging.default-output-filter =
logging.outputs = (null)
logging.outputs.0 = console
logging.outputs.0.console = (null)
logging.outputs.0.console.enabled = yes
logging.outputs.1 = file
logging.outputs.1.file = (null)
logging.outputs.1.file.enabled = yes
logging.outputs.1.file.level = info
logging.outputs.1.file.filename = /var/log/suricata/suricata.log
logging.outputs.2 = syslog
logging.outputs.2.syslog = (null)
logging.outputs.2.syslog.enabled = no
logging.outputs.2.syslog.facility = local5
logging.outputs.2.syslog.format = [%i] <%d> --
app-layer = (null)
app-layer.protocols = (null)
app-layer.protocols.tls = (null)
app-layer.protocols.tls.enabled = yes
app-layer.protocols.tls.detection-ports = (null)
app-layer.protocols.tls.detection-ports.dp = 443
app-layer.protocols.dcerpc = (null)
app-layer.protocols.dcerpc.enabled = yes
app-layer.protocols.ftp = (null)
app-layer.protocols.ftp.enabled = yes
app-layer.protocols.ssh = (null)
app-layer.protocols.ssh.enabled = yes
app-layer.protocols.imap = (null)
app-layer.protocols.imap.enabled = detection-only
app-layer.protocols.msn = (null)
app-layer.protocols.msn.enabled = detection-only
app-layer.protocols.smb = (null)
app-layer.protocols.smb.enabled = yes
app-layer.protocols.smb.detection-ports = (null)
app-layer.protocols.smb.detection-ports.dp = 139, 445
app-layer.protocols.dns = (null)
app-layer.protocols.dns.tcp = (null)
app-layer.protocols.dns.tcp.enabled = yes
app-layer.protocols.dns.tcp.detection-ports = (null)
app-layer.protocols.dns.tcp.detection-ports.dp = 53
app-layer.protocols.dns.udp = (null)
app-layer.protocols.dns.udp.enabled = yes
app-layer.protocols.dns.udp.detection-ports = (null)
app-layer.protocols.dns.udp.detection-ports.dp = 53
app-layer.protocols.http = (null)
app-layer.protocols.http.enabled = yes
app-layer.protocols.http.memcap = 4gb
app-layer.protocols.http.libhtp = (null)
app-layer.protocols.http.libhtp.default-config = (null)
app-layer.protocols.http.libhtp.default-config.personality = IDS
app-layer.protocols.http.libhtp.default-config.request-body-limit = 12mb
app-layer.protocols.http.libhtp.default-config.response-body-limit = 12mb
app-layer.protocols.http.libhtp.default-config.request-body-minimal-inspect-size = 32kb
app-layer.protocols.http.libhtp.default-config.request-body-inspect-window = 4kb
app-layer.protocols.http.libhtp.default-config.response-body-minimal-inspect-size = 40kb
app-layer.protocols.http.libhtp.default-config.response-body-inspect-window = 16kb
app-layer.protocols.http.libhtp.default-config.response-body-decompress-layer-limit = 2
app-layer.protocols.http.libhtp.default-config.http-body-inline = auto
app-layer.protocols.http.libhtp.default-config.double-decode-path = no
app-layer.protocols.http.libhtp.default-config.double-decode-query = no
app-layer.protocols.http.libhtp.server-config = (null)
app-layer.protocols.http.libhtp.server-config.0 = apache
app-layer.protocols.http.libhtp.server-config.0.apache = (null)
app-layer.protocols.http.libhtp.server-config.0.apache.address = (null)
app-layer.protocols.http.libhtp.server-config.0.apache.address.0 = <REMOVED>
app-layer.protocols.http.libhtp.server-config.0.apache.personality = Apache_2
app-layer.protocols.http.libhtp.server-config.0.apache.request-body-limit = 4096
app-layer.protocols.http.libhtp.server-config.0.apache.response-body-limit = 4096
asn1-max-frames = 256
coredump = (null)
coredump.max-dump = unlimited
host-mode = sniffer-only
max-pending-packets = 10000
runmode = workers
autofp-scheduler = active-packets
default-packet-size = 9018
unix-command = (null)
unix-command.enabled = no
legacy = (null)
legacy.uricontent = enabled
engine-analysis = (null)
engine-analysis.rules-fast-pattern = yes
engine-analysis.rules = yes
pcre = (null)
pcre.match-limit = 3500
pcre.match-limit-recursion = 1500
host-os-policy = (null)
host-os-policy.windows = (null)
host-os-policy.windows.0 = 0.0.0.0/0
host-os-policy.bsd = (null)
host-os-policy.bsd-right = (null)
host-os-policy.old-linux = (null)
host-os-policy.linux = (null)
host-os-policy.linux.0 = <REMOVED>
host-os-policy.old-solaris = (null)
host-os-policy.solaris = (null)
host-os-policy.hpux10 = (null)
host-os-policy.hpux11 = (null)
host-os-policy.irix = (null)
host-os-policy.macos = (null)
host-os-policy.vista = (null)
host-os-policy.windows2k3 = (null)
defrag = (null)
defrag.hash-size = 65536
defrag.trackers = 65535
defrag.max-frags = 65535
defrag.prealloc = yes
defrag.timeout = 10
flow = (null)
flow.memcap = 1gb
flow.hash-size = 1048576
flow.prealloc = 1048576
flow.prune-flows = 50000
flow.emergency-recovery = 30
flow.managers = 10
vlan = (null)
vlan.use-for-tracking = false
flow-timeouts = (null)
flow-timeouts.default = (null)
flow-timeouts.default.new = 3
flow-timeouts.default.established = 300
flow-timeouts.default.closed = 0
flow-timeouts.default.emergency-new = 10
flow-timeouts.default.emergency-established = 10
flow-timeouts.default.emergency-closed = 0
flow-timeouts.tcp = (null)
flow-timeouts.tcp.new = 6
flow-timeouts.tcp.established = 100
flow-timeouts.tcp.closed = 12
flow-timeouts.tcp.emergency-new = 1
flow-timeouts.tcp.emergency-established = 5
flow-timeouts.tcp.emergency-closed = 2
flow-timeouts.udp = (null)
flow-timeouts.udp.new = 3
flow-timeouts.udp.established = 30
flow-timeouts.udp.emergency-new = 3
flow-timeouts.udp.emergency-established = 10
flow-timeouts.icmp = (null)
flow-timeouts.icmp.new = 3
flow-timeouts.icmp.established = 30
flow-timeouts.icmp.emergency-new = 1
flow-timeouts.icmp.emergency-established = 10
stream = (null)
stream.memcap = 12gb
stream.checksum-validation = no
stream.prealloc-session = 200000
stream.inline = no
stream.bypass = yes
stream.reassembly = (null)
stream.reassembly.memcap = 24gb
stream.reassembly.depth = 1mb
host = (null)
host.hash-size = 4096
host.prealloc = 1000
host.memcap = 16777216
detect = (null)
detect.0 = profile
detect.0.profile = custom
detect.1 = custom-values
detect.1.custom-values = (null)
detect.1.custom-values.toclient-src-groups = 200
detect.1.custom-values.toclient-dst-groups = 200
detect.2 = sgh-mpm-context
detect.2.sgh-mpm-context = auto
detect.3 = inspection-recursion-limit
detect.3.inspection-recursion-limit = 3000
mpm-algo = hs
spm-algo = hs
threading = (null)
threading.set-cpu-affinity = yes
threading.cpu-affinity = (null)
threading.cpu-affinity.0 = management-cpu-set
threading.cpu-affinity.0.management-cpu-set = (null)
threading.cpu-affinity.0.management-cpu-set.cpu = (null)
threading.cpu-affinity.0.management-cpu-set.cpu.0 = 1
threading.cpu-affinity.0.management-cpu-set.cpu.1 = 21
threading.cpu-affinity.0.management-cpu-set.mode = balanced
threading.cpu-affinity.0.management-cpu-set.prio =
threading.cpu-affinity.0.management-cpu-set.default = low
threading.cpu-affinity.1 = worker-cpu-set
threading.cpu-affinity.1.worker-cpu-set = (null)
threading.cpu-affinity.1.worker-cpu-set.cpu = (null)
threading.cpu-affinity.1.worker-cpu-set.cpu.0 = 5
threading.cpu-affinity.1.worker-cpu-set.cpu.1 = 7
threading.cpu-affinity.1.worker-cpu-set.cpu.2 = 9
threading.cpu-affinity.1.worker-cpu-set.cpu.3 = 11
threading.cpu-affinity.1.worker-cpu-set.cpu.4 = 13
threading.cpu-affinity.1.worker-cpu-set.cpu.5 = 15
threading.cpu-affinity.1.worker-cpu-set.cpu.6 = 17
threading.cpu-affinity.1.worker-cpu-set.cpu.7 = 19
threading.cpu-affinity.1.worker-cpu-set.cpu.8 = 23
threading.cpu-affinity.1.worker-cpu-set.cpu.9 = 25
threading.cpu-affinity.1.worker-cpu-set.cpu.10 = 27
threading.cpu-affinity.1.worker-cpu-set.cpu.11 = 29
threading.cpu-affinity.1.worker-cpu-set.cpu.12 = 31
threading.cpu-affinity.1.worker-cpu-set.cpu.13 = 33
threading.cpu-affinity.1.worker-cpu-set.cpu.14 = 35
threading.cpu-affinity.1.worker-cpu-set.cpu.15 = 37
threading.cpu-affinity.1.worker-cpu-set.cpu.16 = 39
threading.cpu-affinity.1.worker-cpu-set.mode = exclusive
threading.cpu-affinity.1.worker-cpu-set.prio = (null)
threading.cpu-affinity.1.worker-cpu-set.prio.default = high
threading.detect-thread-ratio = 1.5
luajit = (null)
luajit.states = 128
profiling = (null)
profiling.rules = (null)
profiling.rules.enabled = no
profiling.rules.filename = rule_perf.log
profiling.rules.append = yes
profiling.rules.sort = avgticks
profiling.rules.limit = 100
profiling.rules.json = yes
profiling.packets = (null)
profiling.packets.enabled = no
profiling.packets.filename = packet_stats.log
profiling.packets.append = yes
napatech = (null)
napatech.hba = -1
napatech.use-all-streams = no
napatech.streams = (null)
napatech.streams.0 = 0-16