where to update suricata service config

William Plessinger

Sep 12, 2020, 10:12:45 PM
to security-onion
Can someone please point me at the correct file which maps to suricata.yml? My goal is to adjust variables.

I've tried:

/opt/so/saltstack/default/salt/suricata/defaults.yaml

and

/opt/so/conf/suricata/suricata.yaml

then forced update with:

sudo salt-call state.highstate
sudo salt-call state.apply idstools

and

sudo so-suricata-restart
  On this one it does show me that /opt/so/conf/suricata/suricata.yaml has differences but it overwrites with a default somewhere.

Thanks in advance!

David

Doug Burks

Sep 13, 2020, 7:04:48 AM
to securit...@googlegroups.com
Hi David,

You should be able to specify suricata:config changes in the global pillar (/opt/so/saltstack/local/pillar/global.sls) or at the minion level (/opt/so/saltstack/local/pillar/minions/<minionid>.sls).

For more information, please see:



Hope that helps!

--
Doug Burks
Founder and CEO
Security Onion Solutions, LLC
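
Added example, not part of the original thread: a sketch of a suricata:config override placed in the local pillar file named in the reply above. It assumes the keys under suricata:config mirror the layout of suricata.yaml itself; the EXTERNAL_NET and HTTP_PORTS values are constructed samples.

```yaml
# /opt/so/saltstack/local/pillar/global.sls        (applies to every sensor)
# or /opt/so/saltstack/local/pillar/minions/<minionid>.sls   (one sensor only)
#
# Assumption: everything under suricata:config follows the same nesting
# as suricata.yaml, so only the keys being changed need to be listed.
# The values below are constructed samples, not recommendations.
suricata:
  config:
    vars:
      address-groups:
        EXTERNAL_NET: "!$HOME_NET"
      port-groups:
        HTTP_PORTS: "80,8080"

# Apply with the commands already used in the question:
#   sudo salt-call state.highstate
#   sudo so-suricata-restart
# Then confirm the rendered file picked up the override:
#   grep -n "EXTERNAL_NET" /opt/so/conf/suricata/suricata.yaml
```

Direct edits to /opt/so/conf/suricata/suricata.yaml are regenerated on the next highstate, which matches the overwrite described in the question; the override has to live under /opt/so/saltstack/local/ to persist.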