intrusion detection: log drops and alerts causing them

(cherry picked from commit 573612d)
opnsense · Feb 3, 2018 · 897842d · 897842d
1 parent 07c3073
commit 897842d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -117,7 +117,10 @@ outputs:
 #        - files:
 #            force-magic: no   # force logging magic on all logged files
 #            force-md5: no     # force logging of md5 checksums
-#        #- drop
+        - drop:
+            alerts: yes      # log alerts that caused drops
+            flows: start     # start or all: 'start' logs only a single drop
+                             # per flow direction. All logs each dropped pkt.
 #        - ssh
 
   # alert output for use with Barnyard2