net/snort3/files/local.lua

   1 -- This file is no longer used if you are using 'snort-mgr' to create the
   2 -- configuration.  It is left as a sample.
   3 --
   4 -- use ths file to customize any functions defined in /etc/snort/snort.lua
   5
   6 -- switch tap to inline in ips and uncomment the below to run snort in inline mode
   7 --snort = {}
   8 --snort["-Q"] = true
   9
  10 ips = {
  11   mode = tap,
  12   -- mode = inline,
  13   variables = default_variables,
  14   -- uncomment and change the below to reflect rules or symlinks to rules on your filesystem
  15   -- include = RULE_PATH .. '/snort.rules',
  16 }
  17
  18 daq = {
  19   module_dirs = {
  20     '/usr/lib/daq',
  21   },
  22   modules = {
  23     {
  24       name = 'afpacket',
  25       mode = 'inline',
  26     }
  27   }
  28 }
  29
  30 alert_syslog = {
  31   level = 'info',
  32 }
  33
  34 -- To log to a file, uncomment the below and manually create the dir defined in output.logdir
  35 --output.logdir = '/var/log/snort'
  36 --alert_fast = {
  37 --  file = true,
  38 --  packet = false,
  39 --}
  40
  41 normalizer = {
  42   tcp = {
  43     ips = true,
  44   }
  45 }
  46
  47 file_policy = {
  48   enable_type = true,
  49   enable_signature = true,
  50   rules = {
  51     use = {
  52       verdict = 'log', enable_file_type = true, enable_file_signature = true
  53     }
  54   }
  55 }
  56
  57 -- To use openappid with snort, install the openappid package and uncomment the below
  58 --appid = {
  59 --    app_detector_dir = '/usr/lib/openappid',
  60 --    log_stats = true,
  61 --    app_stats_period = 60,
  62 --}