Suricata的配置

 

 

 

 

　　见官网

https://suricata.readthedocs.io/en/latest/configuration/index.html#

 

 

 

 

 

 

• Docs »
 
• 8. Configuration
•  Edit on GitHub

---

8. Configuration

• 8.1. Suricata.yaml
  • 8.1.1. Max-pending-packets
  • 8.1.2. Runmodes
  • 8.1.3. Default-packet-size
  • 8.1.4. User and group
  • 8.1.5. PID File
  • 8.1.6. Action-order
  • 8.1.7. Splitting configuration in multiple files
  • 8.1.8. Event output
    • 8.1.8.1. Default logging directory
    • 8.1.8.2. Outputs
    • 8.1.8.3. Line based alerts log (fast.log)
    • 8.1.8.4. Eve (Extensible Event Format)
    • 8.1.8.5. Alert output for use with Barnyard2 (unified2.alert)
    • 8.1.8.6. A line based log of HTTP requests (http.log)
    • 8.1.8.7. A line based log of DNS queries and replies (dns.log)
    • 8.1.8.8. Packet log (pcap-log)
    • 8.1.8.9. Verbose Alerts Log (alert-debug.log)
    • 8.1.8.10. Alert output to prelude (alert-prelude)
    • 8.1.8.11. Stats
    • 8.1.8.12. Syslog
    • 8.1.8.13. Drop.log, a line based information for dropped packets
  • 8.1.9. Detection engine
    • 8.1.9.1. Inspection configuration
    • 8.1.9.2. Prefilter Engines
    • 8.1.9.3. CUDA (Compute United Device Architecture)
    • 8.1.9.4. Pattern matcher settings
  • 8.1.10. Threading
    • 8.1.10.1. Relevant cpu-affinity settings for IDS/IPS modes
    • 8.1.10.2. IDS mode
    • 8.1.10.3. IPS mode
  • 8.1.11. IP Defrag
  • 8.1.12. Flow and Stream handling
    • 8.1.12.1. Flow Settings
    • 8.1.12.2. Flow Time-Outs
    • 8.1.12.3. Stream-engine
  • 8.1.13. Application Layer Parsers
    • 8.1.13.1. Asn1_max_frames (new in 1.0.3 and 1.1)
    • 8.1.13.2. Configure HTTP (libhtp)
  • 8.1.14. Engine output
    • 8.1.14.1. Logging configuration
    • 8.1.14.2. Default log format
    • 8.1.14.3. Output-filter
    • 8.1.14.4. Outputs
  • 8.1.15. Packet Acquisition
    • 8.1.15.1. Pf-ring
    • 8.1.15.2. NFQ
    • 8.1.15.3. Ipfw
  • 8.1.16. Rules
    • 8.1.16.1. Rule-files
    • 8.1.16.2. Threshold-file
    • 8.1.16.3. Classifications
    • 8.1.16.4. Rule-vars
    • 8.1.16.5. Host-os-policy
  • 8.1.17. Engine analysis and profiling
    • 8.1.17.1. Engine-analysis
    • 8.1.17.2. Rule and Packet Profiling settings
    • 8.1.17.3. Packet Profiling
  • 8.1.18. Application layers
    • 8.1.18.1. SSL/TLS
      • 8.1.18.1.1. Encrypted traffic
    • 8.1.18.2. Modbus
  • 8.1.19. Decoder
    • 8.1.19.1. Teredo
  • 8.1.20. Advanced Options
    • 8.1.20.1. luajit
      • 8.1.20.1.1. states
• 8.2. Global-Thresholds
  • 8.2.1. Threshold Config
    • 8.2.1.1. threshold/event_filter
    • 8.2.1.2. rate_filter
      • 8.2.1.2.1. gen_id
      • 8.2.1.2.2. sig_id
      • 8.2.1.2.3. track
      • 8.2.1.2.4. count
      • 8.2.1.2.5. seconds
      • 8.2.1.2.6. new_action
      • 8.2.1.2.7. timeout
      • 8.2.1.2.8. Example
    • 8.2.1.3. suppress
  • 8.2.2. Global thresholds vs rule thresholds
    • 8.2.2.1. Suppress
    • 8.2.2.2. Threshold/event_filter
    • 8.2.2.3. Rate_filter
• 8.3. Snort.conf to Suricata.yaml
  • 8.3.1. Variables
  • 8.3.2. Decoder alerts
  • 8.3.3. Checksum handling
  • 8.3.4. Various configs
    • 8.3.4.1. Active response
    • 8.3.4.2. Dropping privileges
    • 8.3.4.3. Snaplen
    • 8.3.4.4. Bpf
  • 8.3.5. Log directory
  • 8.3.6. Packet acquisition
  • 8.3.7. Rules
• 8.4. Multi Tenancy
  • 8.4.1. Introduction
  • 8.4.2. YAML
  • 8.4.3. Unix Socket
    • 8.4.3.1. Registration
    • 8.4.3.2. Unix socket runmode (pcap processing)
    • 8.4.3.3. Live traffic mode
    • 8.4.3.4. Registration
• 8.5. Dropping Privileges After Startup

 

Next  Previous