Bug #8619 » suricata.yaml

Shane Dugan, 05/29/2026 08:01 PM

 
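%YAML 1.1
---

# Minimal Suricata configuration for reproducing an issue, either inline over
# AF_PACKET or offline from a pcap (see the pcap-file section at the end).
# NOTE(review): the nesting below was reconstructed from a listing whose
# indentation was lost; keys and values are unchanged. Compare against the
# original attachment before relying on the structure.

vars:
  address-groups:
    HOME_NET: "[10.0.0.0/8]"
    # Everything outside HOME_NET.
    EXTERNAL_NET: "!$HOME_NET"

# Logs go under /tmp, which is world-writable on most systems. That is fine for
# a throwaway repro; a longer-lived deployment would normally log to a
# directory owned by the account Suricata runs as.
default-log-dir: /tmp/suricata-repro/
default-rule-path: repro_config/
default-packet-size: 1500

stats:
  enabled: true
  # Stats interval, in seconds.
  interval: 15

# Two interfaces bridged inline: each entry names the other as copy-iface and
# uses copy-mode ips, so packets are forwarded between them and drop verdicts
# are enforced on the forwarding path.
af-packet:
  - interface: SFE_0_TX
    cluster-id: 99
    cluster-type: cluster_flow
    copy-iface: SFE_0_RX
    copy-mode: ips
    threads: 1
    use-mmap: true
    # Checksum validation is off for this capture interface.
    checksum-checks: false
    defrag: false
  - interface: SFE_0_RX
    cluster-id: 98
    cluster-type: cluster_flow
    copy-iface: SFE_0_TX
    copy-mode: ips
    threads: 1
    use-mmap: true
    checksum-checks: false
    defrag: false
    # NOTE(review): the purpose of disable-read is not evident from this file;
    # confirm it is recognised by the Suricata build in use.
    disable-read: 1
  - interface: default
    threads: 1
    checksum-checks: false

# Alerts and stats are written as EVE JSON to separate files.
outputs:
  - eve-log:
      enabled: true
      filename: eve-alert.json
      types:
        - alert
  - eve-log:
      enabled: true
      filename: eve-stats.json
      types:
        - stats:
            totals: true
  # NOTE(review): assumed to be the stand-alone stats logger (a sibling of the
  # eve-log entries) rather than a second entry under the types list above;
  # the flattened listing does not show which.
  - stats:
      enabled: false

logging:
  default-log-level: notice
  outputs:
    - console:
        enabled: true
    - file:
        enabled: true
        filename: suricata.log
        level: info

# Only these application-layer parsers are explicitly enabled here.
app-layer:
  protocols:
    snmp:
      enabled: true
    dns:
      tcp:
        enabled: true
      udp:
        enabled: true
    tls:
      enabled: true
    http:
      enabled: true

stream:
  # Stream-level checksum validation is off, matching the af-packet settings.
  checksum-validation: false
  inline: auto
  memcap: 64mb
  # Midstream pickup is disabled, and the exception policy drops packets from
  # sessions whose start was not observed.
  midstream: false
  midstream-policy: drop-packet
  reassembly:
    # Upper bound on reassembled data per stream; content past this depth is
    # not inspected.
    depth: 128kb
    memcap: 256mb

detect:
  profile: medium

classification-file: classification.config
reference-config-file: reference.config
threshold-file: threshold.config

rule-files:
  - suricata.rules

runmode: workers

# The unix control socket is turned off for this repro.
unix-command:
  enabled: false

# For offline pcap replay (alternative to af-packet):
# suricata -c suricata.yaml -r snmp_leak_repro.pcap -S suricata.rules -l /tmp/repro-out/
pcap-file:
  checksum-checks: false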