jasonish · March 5, 2018 22:30
diff --git a/foo.yaml b/foo.yaml
 %YAML 1.1
 ---

 outputs:
  - eve-log:
      enabled: yes
      filetype: redis
      filename: eve.json
      redis:
        server: 127.0.0.1
        port: 6379
        async: true
        mode: list
      types:
        - alert:
            metadata: yes
            tagged-packets: yes
            xff:
              enabled: no
              mode: extra-data
              deployment: reverse
              header: X-Forwarded-For
        - http:
            extended: yes     # enable this for extended logging information
        - dns:
            query: yes     # enable logging of DNS queries
            answer: yes    # enable logging of DNS answers
        - tls:
            extended: yes     # enable this for extended logging information
        - files:
            force-magic: no   # force logging magic on all logged files
        - smtp:
        - ssh
        - stats:
            totals: yes       # stats for all threads merged together
            threads: no       # per thread stats
            deltas: no        # include delta values
        - flow

  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
      types:
        - alert:
            metadata: yes
            tagged-packets: yes
            xff:
              enabled: no
              mode: extra-data
              deployment: reverse
              header: X-Forwarded-For
        - http:
            extended: yes     # enable this for extended logging information
        - dns:
            query: yes     # enable logging of DNS queries
            answer: yes    # enable logging of DNS answers
        - tls:
            extended: yes     # enable this for extended logging information
        - files:
            force-magic: no   # force logging magic on all logged files
        - smtp:
        - ssh
        - stats:
            totals: yes       # stats for all threads merged together
            threads: no       # per thread stats
            deltas: no        # include delta values
        - flow
	%YAML 1.1
	---

	outputs:
	- eve-log:
	enabled: yes
	filetype: redis
	filename: eve.json
	redis:
	server: 127.0.0.1
	port: 6379
	async: true
	mode: list
	types:
	- alert:
	metadata: yes
	tagged-packets: yes
	xff:
	enabled: no
	mode: extra-data
	deployment: reverse
	header: X-Forwarded-For
	- http:
	extended: yes # enable this for extended logging information
	- dns:
	query: yes # enable logging of DNS queries
	answer: yes # enable logging of DNS answers
	- tls:
	extended: yes # enable this for extended logging information
	- files:
	force-magic: no # force logging magic on all logged files
	- smtp:
	- ssh
	- stats:
	totals: yes # stats for all threads merged together
	threads: no # per thread stats
	deltas: no # include delta values
	- flow

	- eve-log:
	enabled: yes
	filetype: regular
	filename: eve.json
	types:
	- alert:
	metadata: yes
	tagged-packets: yes
	xff:
	enabled: no
	mode: extra-data
	deployment: reverse
	header: X-Forwarded-For
	- http:
	extended: yes # enable this for extended logging information
	- dns:
	query: yes # enable logging of DNS queries
	answer: yes # enable logging of DNS answers
	- tls:
	extended: yes # enable this for extended logging information
	- files:
	force-magic: no # force logging magic on all logged files
	- smtp:
	- ssh
	- stats:
	totals: yes # stats for all threads merged together
	threads: no # per thread stats
	deltas: no # include delta values
	- flow