File: fever.yaml

package info (click to toggle)
fever 1.0.5-2
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 512 kB
  • sloc: makefile: 17; sh: 12
file content (99 lines) | stat: -rw-r--r-- 2,938 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Config file for FEVER
# ---------------------

# Output additional debug information.
#  verbose: true
# Enable output of profiling information to specified file.
#  profile: profile.out
# Use the given size for defining the size of data blocks to be handled at once.
#  chunksize: 50000
# Do not submit data to the sinks, only print on stdout.
#  dummy: true
# Retry connection to sockets or servers for at most the given amount of times before 
# giving up. Use the value of 0 to never give up.
#  reconnect-retries: 5
# Specify time interval or number of items to cache before flushing to 
# database, whichever happens first.
#  flushtime: 1m
#  flushcount: 100000

# Configuration for PostgreSQL 9.5+ database connection.
database:
  enable: false
  host: localhost
  user: user
  password: pass
  database: test
  # Set to true to use the MongoDB interface instead of PostgreSQL.
  mongo: false
  # Time interval after which a new table is created and background 
  # indexing is started.
  rotate: 1h
  # Maximum size in gigabytes.
  maxtablesize: 50

# Configuration for input (from Suricata side). Only one of 'socket' 
# or 'redis' is supported at the same time, comment/uncomment to choose.
# The 'nopipe' option disables Redis pipelining. For Redis, we assume the
# 'suricata' list as a source.
input:
  socket: /tmp/suri.sock
  #redis:
  #  server: localhost
  #  nopipe: true

# Definition what event types to forward. Set 'all' to true to forward 
# everything received from Suricata, otherwise use the 'types' list to choose.
# By default, we only forward alerts and stats events.
forward:
  all: false
  types: 
    - alert
    - stats

# Configuration for output of forwarded events (socket to e.g. Logstash).
output:
  socket: /tmp/suri-forward.sock

# Configuration for flow report submission.
flowreport:
  # Interval used for aggregation.
  interval: 60s
  submission-url: amqp://guest:guest@localhost:5672/
  submission-exchange: aggregations
  # Set to true to disable gzip compression for uploads.
  nocompress: false

# Configuration for metrics (i.e. InfluxDB) submission.
metrics:
  enable: true
  submission-url: amqp://guest:guest@localhost:5672/
  submission-exchange: metrics

# Configuration for passive DNS submission.
pdns:
  enable: true
  submission-url: amqp://guest:guest@localhost:5672/
  submission-exchange: pdns

# Configuration for detailed flow metadata submission.
flowextract:
  enable: false
  submission-url: amqp://guest:guest@localhost:5672/
  submission-exchange: aggregations
  # Uncomment to enable flow collection only for IPs in the given 
  # Bloom filter.
  #  bloom-selector: /tmp/flows.bloom

# Configuration for Bloom filter alerting on HTTP, DNS and 
# TLS metadata events.
#bloom:
#  file: ./in.bloom.gz
#  zipped: true
#  alert-prefix: BLF

logging:
  # Insert file name here to redirect logs to separate file.
  file: 
  # Set to true to enable JSON output.
  json: false