From 0d79bfda3c53d211e86077f9c7383ec3790f7764 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Sun, 8 Apr 2018 10:01:05 +0000
Subject: [PATCH] intrusion detection: syslog by default

---
 .../app/controllers/OPNsense/IDS/forms/generalSettings.xml  | 6 ------
 src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml            | 4 ----
 src/opnsense/service/templates/OPNsense/IDS/suricata.yaml   | 5 ++---
 3 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
index cd84d78dd..728a19786 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
@@ -17,12 +17,6 @@
         <type>checkbox</type>
         <help><![CDATA[Enable promiscuous mode, for certain setups (like IPS with vlans), this is required to actually capture data on the physical interface.]]></help>
     </field>
-    <field>
-        <id>ids.general.syslog</id>
-        <label>Enable syslog</label>
-        <type>checkbox</type>
-        <help><![CDATA[Enable syslog, sends alerts (in fast log format) and messages to syslog. This won't change the alert logging used by the product itself.]]></help>
-    </field>
     <field>
         <id>ids.general.MPMAlgo</id>
         <label>Pattern matcher</label>
diff --git a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
index 928492af6..0fbe11a81 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
@@ -172,10 +172,6 @@
               </OptionValues>
               <ValidationMessage>Please select a valid pattern matcher algorithm</ValidationMessage>
             </MPMAlgo>
-            <syslog type="BooleanField">
-                <default>0</default>
-                <Required>Y</Required>
-            </syslog>
             <LogPayload type="BooleanField">
                 <default>0</default>
                 <Required>Y</Required>
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index 55ec488cd..d4afb66a0 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -239,7 +239,7 @@ outputs:
 
   # a line based alerts log similar to fast.log into syslog
   - syslog:
-      enabled: {% if helpers.exists('OPNsense.IDS.general.syslog') and OPNsense.IDS.general.syslog|default('0') == '0' %}no{% else %}yes{% endif %}
+      enabled: yes
       # reported identity to syslog. If ommited the program name (usually
       # suricata) will be used.
       #identity: "suricata"
@@ -750,8 +750,7 @@ logging:
   - console:
       enabled: no
   - syslog:
-      enabled: {% if helpers.exists('OPNsense.IDS.general.syslog') and OPNsense.IDS.general.syslog|default('0') == '0' %}no{% else %}yes{% endif %}
-
+      enabled: yes
       facility: local5
       format: "[%i] <%d> -- "