From 573612d48ebe6142015befbe558a2c9829e85fcb Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sat, 20 Jan 2018 12:17:04 +0100
Subject: [PATCH] intrusion detection: log drops and alerts causing them
---
 src/opnsense/service/templates/OPNsense/IDS/suricata.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index 996f37c6d..06519c06a 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -117,7 +117,10 @@ outputs:
 # - files:
 # force-magic: no # force logging magic on all logged files
 # force-md5: no # force logging of md5 checksums
-# #- drop
+ - drop:
+ alerts: yes # log alerts that caused drops
+ flows: start # start or all: 'start' logs only a single drop
+ # per flow direction. All logs each dropped pkt.
 # - ssh
 # alert output for use with Barnyard2
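Review bot: The new `- drop:` entry has no `enabled:` toggle and is not templated, so drop logging is now on for every instance, yet Suricata only drops packets in IPS mode, so in plain IDS mode the entry produces no events; a one-line comment saying so would spare operators hunting for missing drop records in eve.json. The `flows: start` value is the security-relevant choice and deserves a why-comment beyond the copied upstream text: with `all`, a flood of packets matching a drop rule writes one event per packet, so `start` bounds eve.json growth under attack — I would add `# 'start' also bounds log growth under flooding: one event per flow direction, not per packet`. The collapsed view loses indentation, so I cannot confirm the entry sits under `eve-log` → `types:` next to `- files:` as the hunk context suggests; `alerts`/`flows` are keys of the EVE drop event type, whereas a `drop` logger at the top-level `outputs:` list expects `enabled`/`filename` and would, as far as I recall, ignore these keys, so the rendered template is worth checking. `alerts: yes` is correct as written because Suricata's own loader reads yes/no; it should not be converted to `true` to satisfy a generic YAML linter.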