intrusion detection: log drops and alerts causing them

opnsense · Jan 20, 2018 · 573612d · 573612d
1 parent 5e970dd
commit 573612d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -117,7 +117,10 @@ outputs:
 #        - files:
 #            force-magic: no   # force logging magic on all logged files
 #            force-md5: no     # force logging of md5 checksums
-#        #- drop
+        - drop:
+            alerts: yes      # log alerts that caused drops
+            flows: start     # start or all: 'start' logs only a single drop
+                             # per flow direction. All logs each dropped pkt.
 #        - ssh
 
   # alert output for use with Barnyard2