From d2ef070687d1a4077a818211db4ffd6a5eab69f6 Mon Sep 17 00:00:00 2001
From: Jonny5
Date: Mon, 29 Jul 2024 05:04:37 -0500
Subject: [PATCH] Update suricata.yaml and remove two deprecated settings and add a few useful settings (#7667)

---
 .../service/templates/OPNsense/IDS/suricata.yaml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
index f500477f1..b6118837a 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@@ -337,6 +337,13 @@ outputs:
 identity: "suricata"
 facility: local5
 level: Info
+ community-id: true
+ community-id-seed: 0
+ xff:
+ enabled: yes
+ mode: extra-data
+ deployment: reverse
+ header: X-Forwarded-For
 types:
 - alert:
 {% if not helpers.empty('OPNsense.IDS.general.LogPayload') %}
@@ -344,8 +351,8 @@ outputs:
 payload-buffer-size: 4kb
 payload-printable: yes
 {% endif %}
- http: yes
- tls: yes
+ metadata: yes
+ tagged-packets: yes
 {% endif %}
 
 # deprecated - unified2 alert format for use with Barnyard2
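Review bot: `header: X-Forwarded-For` together with `enabled: yes` makes the sensor copy a client-supplied header into alert records, and nothing in the template ties this to whether a trusted reverse proxy actually terminates connections in front of the monitored services; where none does, the logged XFF address is whatever the sender chose to put there. Because `mode: extra-data` adds the address as an extra field rather than replacing the flow's source IP, the impact is limited to misleading data in eve.json, but an analyst pivoting on that field should know it is untrusted. Consider gating the `xff:` block on an IDS option, or at least placing a comment such as `# xff is client-controlled unless a trusted reverse proxy sits in front; logged as extra-data only` above `xff:`. The new `community-id: true` sits next to `enabled: yes`, while the rest of this template spells booleans as `yes`; `community-id: yes` would keep the file consistent. The enclosing output block and the `{% if %}` opened by the hunk's last context line both continue outside the hunk.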
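Review bot: `tagged-packets: yes` is placed after the `{% endif %}` that closes the `OPNsense.IDS.general.LogPayload` conditional, so packet records for rule-tagged flows — which, as far as I know, carry the raw packet — are written to eve.json even when the administrator has left payload logging disabled. If the LogPayload switch is meant to be the single control over raw traffic content reaching the log, the new line belongs inside that conditional; otherwise a comment such as `# tagged-packets logs packets for flows a rule has tagged, independent of LogPayload` should document the choice, since this also affects log volume on busy sensors. The `- alert:` item and the outer `{% if %}` closed by the hunk's final `{% endif %}` both begin outside the hunk.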