lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 17:14:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

IDPS, duplicate eve logging section when syslog_eve is checked to support eve logging over syslog. Requires current syslog-ng work in master to be functional. closes https://github.com/opnsense/core/issues/3401

Browse Source
This commit is contained in:
Ad Schellevis 2019-06-17 20:09:06 +02:00
parent 25df4f28ba
commit b62de24aea
3 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/generalSettings.xml
View File

@ -23,6 +23,16 @@
<type>checkbox</type>
<help><![CDATA[Send alerts to system log in fast log format. This will not change the alert logging used by the product itself.]]></help>
</field>
<field>
<id>ids.general.syslog_eve</id>
<label>Enable eve syslog output</label>
<type>checkbox</type>
<help><![CDATA[
Send alerts in eve format to syslog, using log level info.
This will not change the alert logging used by the product itself.
Drop logs will only be send to the internal logger, due to restrictions in suricata.
]]></help>
</field>
<field>
<id>ids.general.MPMAlgo</id>
<label>Pattern matcher</label>

6
src/opnsense/mvc/app/models/OPNsense/IDS/IDS.xml
View File

@ -1,6 +1,6 @@
<model>
<mount>//OPNsense/IDS</mount>
<version>1.0.2</version>
<version>1.0.3</version>
<description>
OPNsense IDS
</description>
@ -169,6 +169,10 @@
<default>0</default>
<Required>Y</Required>
</syslog>
<syslog_eve type="BooleanField">
<default>0</default>
<Required>Y</Required>
</syslog_eve>
<LogPayload type="BooleanField">
<default>0</default>
<Required>Y</Required>

19
src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
View File

@ -123,6 +123,25 @@ outputs:
# per flow direction. All logs each dropped pkt.
# - ssh
{% if not helpers.empty('OPNsense.IDS.general.syslog_eve') %}
# Extensible Event Format (nicknamed EVE) to syslog
- eve-log:
enabled: yes
type: syslog
identity: "suricata"
facility: local5
level: Info
types:
- alert:
{% if not helpers.empty('OPNsense.IDS.general.LogPayload') %}
payload: yes
payload-buffer-size: 100kb
payload-printable: yes
{% endif %}
http: yes
tls: yes
{% endif %}
# alert output for use with Barnyard2
- unified2-alert:
enabled: no