Logging changes: new hdd, removed ideapad instance, graylog

config/assets/suricata.yaml

@@ -31,7 +31,7 @@ vars:
     TEREDO_PORTS: 3544
     SIP_PORTS: "[5060, 5061]"
 
-default-log-dir: /home/logging/logs
+default-log-dir: /mnt/logs/suricata
 classification-file: /etc/suricata/classification.config
 reference-config-file: /etc/suricata/reference.config
 default-rule-path: /etc/suricata/rules
@@ -58,12 +58,14 @@ outputs:
   - eve-log:
       enabled: yes
       filetype: regular
-      filename: eve.json
+      filename: eve-%Y-%m-%d.json
+      rotate-interval: day
       types:
         - alert:
             tagged-packets: yes
         - http:
             extended: yes
+            dump-all-headers: both
         - http2
         - dns:
             enabled: yes
@@ -94,7 +96,7 @@ outputs:
         - smtp
 
   - pcap-log:
-      enabled: yes
+      enabled: no
       filename: log.pcap
       limit: 1gb
       max-files: 200