From a83e72acf1e17eb8fc96ace3490f977103bda53c Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Fri, 9 Nov 2018 07:25:39 +0100
Subject: [PATCH] intrusion detection: default syslog level seems to be Error, not Info

So do the sensible thing and use Notice which is what global logging is currently using in the hopes to a align syslog with eve log. Completely unsure if this helps though. The docs don't describe this and nobody else tinkering with suricata.yaml came up with a solution?
PR: https://forum.opnsense.org/index.php?topic=10140.0
---
src/opnsense/service/templates/OPNsense/IDS/suricata.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index 4026da5b3..5f7ed3797 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -245,8 +245,8 @@ outputs:
# suricata) will be used.
#identity: "suricata"
facility: local5
- #level: Info ## possible levels: Emergency, Alert, Critical,
- ## Error, Warning, Notice, Info, Debug
+ level: Notice ## possible levels: Emergency, Alert, Critical,
+ ## Error, Warning, Notice, Info, Debug
# a line based information for dropped packets in IPS mode - drop:
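Review bot: The new `level: Notice` line hard-codes the syslog priority for this output without saying what the key controls, and the commit message itself is unsure of the effect, so the line needs an explanatory comment. The old line was commented out, so Suricata presumably used its built-in default (Error, per the commit subject), and messages on facility `local5` will now arrive at a lower priority. Any syslog selector, remote forwarder or SIEM rule that keeps only `local5.err` and above would silently stop receiving these IDS events, so the consumers of `local5` should be checked before merging. I would add above the key something like `# syslog priority attached to every event from this output; keep it at or above the threshold of whatever consumes local5`. The enclosing output entry starts above the hunk, so whether it is enabled at all is not visible here.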