@@ -220,34 +220,6 @@ outputs:
220220 dump-all-headers : {{OPNsense.IDS.general.eveLog.http.dumpAllHeaders}}
221221{% endif %}
222222{% endif %}
223- # - dns:
224- # This configuration uses the new DNS logging format,
225- # the old configuration is still available:
226- # https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
227-
228- # As of Suricata 5.0, version 2 of the eve dns output
229- # format is the default.
230- # version: 2
231-
232- # Enable/disable this logger. Default: enabled.
233- # enabled: yes
234-
235- # Control logging of requests and responses:
236- # - requests: enable logging of DNS queries
237- # - responses: enable logging of DNS answers
238- # By default both requests and responses are logged.
239- # requests: no
240- # responses: no
241-
242- # Format of answer logging:
243- # - detailed: array item per answer
244- # - grouped: answers aggregated by type
245- # Default: all
246- # formats: [detailed, grouped]
247-
248- # DNS record types to log, based on the query type.
249- # Default: all.
250- # types: [a, aaaa, cname, mx, ns, ptr, txt]
251223{% if not helpers.empty('OPNsense.IDS.general.eveLog.tls.enable') %}
252224 - tls :
253225 extended : {{ 'no' if helpers.empty('OPNsense.IDS.general.eveLog.tls.extended') else 'yes' }}
@@ -259,19 +231,25 @@ outputs:
259231 custom : [{{ OPNsense.IDS.general.eveLog.tls.custom }}]
260232{% endif %}
261233{% endif %}
262- # - files:
263- force-magic : no # force logging magic on all logged files
264- # force logging of checksums, available hash functions are md5,
265- # sha1 and sha256
266- # force-hash: [md5]
267234
268235 - drop :
269236 alerts : yes # log alerts that caused drops
270237 flows : start # start or all: 'start' logs only a single drop
271238 # per flow direction. All logs each dropped pkt.
272239
273- # - smtp:
274- # extended: yes # enable this for extended logging information
240+ - ssh
241+
242+ {% set eveLog_types_enabled = (OPNsense.IDS.general.eveLog.types.enabled|default('')).split(',') %}
243+ {% set eveLog_types_extended = (OPNsense.IDS.general.eveLog.types.extended|default('')).split(',') %}
244+ {% for opt in eveLog_types_enabled %}
245+ - {{opt}}:
246+ {% if opt == 'files' and opt in eveLog_types_extended %}
247+ force-magic : yes # force logging magic on all logged files
248+ # force logging of checksums, available hash functions are md5,
249+ # sha1 and sha256
250+ # force-hash: [md5]
251+ {% elif opt == 'smtp' and opt in eveLog_types_extended %}
252+ extended : yes # enable this for extended logging information
275253 # this includes: bcc, message-id, subject, x_mailer, user-agent
276254 # custom fields logging from the list:
277255 # reply-to, bcc, message-id, subject, x-mailer, user-agent, received,
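Review bot: The loop opened at `{% for opt in eveLog_types_enabled %}` has no guard against empty entries: when `OPNsense.IDS.general.eveLog.types.enabled` is unset or empty, `''.split(',')` yields `['']`, so the template emits a bare `- :` item into the eve-log `types` list, and a trailing comma in the stored value produces the same. Whether Suricata tolerates that entry or refuses to start on it depends on its YAML handling, but in neither case is it the intended output. Filtering in the loop header, `{% for opt in eveLog_types_enabled if opt %}`, fixes it; the stray element is harmless in the `in eveLog_types_enabled` lookups used later. Since `{{opt}}` is inserted unquoted as a YAML key, the enabled/extended values presumably come from an allow-listed option field in the model — worth confirming, as nothing in the template constrains them. The `for` block opened here closes in the next hunk.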
@@ -282,43 +260,18 @@ outputs:
282260 # for the body you need to set app-layer.protocols.smtp.mime.body-md5
283261 # to yes
284262 # md5: [body, subject]
285-
286- # - dnp3
287- # - ftp
288- # - rdp
289- # - nfs
290- # - smb
291- # - tftp
292- # - ike
293- # - dcerpc
294- # - krb5
295- # - bittorrent-dht
296- # - snmp
297- # - rfb
298- # - sip
299- # - quic
300- # - dhcp:
301- # enabled: yes
263+ {% elif opt == 'dhcp' and opt in eveLog_types_extended %}
302264 # When extended mode is on, all DHCP messages are logged
303265 # with full detail. When extended mode is off (the
304266 # default), just enough information to map a MAC address
305267 # to an IP address is logged.
306- # extended: no
307- - ssh
308- # - mqtt:
309- # passwords: yes # enable output of passwords
310- # - http2
311- # - pgsql:
312- # enabled: no
313- # passwords: yes # enable output of passwords. Disabled by default
314- # - stats:
315- # totals: yes # stats for all threads merged together
316- # threads: no # per thread stats
317- # deltas: no # include delta values
318- # bi-directional flows
319- # - flow
320- # uni-directional flows
321- # - netflow
268+ extended : yes
269+ {% elif opt == 'mqtt' and opt in eveLog_types_extended %}
270+ passwords : yes # enable output of passwords
271+ {% elif opt == 'pgsql' and opt in eveLog_types_extended %}
272+ passwords : yes # enable output of passwords. Disabled by default
273+ {% endif %}
274+ {% endfor %}
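Review bot: Selecting `mqtt` or `pgsql` as an "extended" type now renders `passwords : yes`, which writes the clear-text credentials observed on the wire into eve.json (and onward to any syslog/SIEM target), and nothing in the hunk marks that side effect. That is a different kind of setting from `force-magic` or smtp `extended`, which only add metadata, so the help text for the extended option (not visible here) should say so, and a template comment such as `# NOTE: logs clear-text credentials captured from traffic; restrict access to eve.json` above each `passwords : yes` line would warn the next maintainer. For `smtp` the branch emits only `extended : yes` while the retained comments still advertise `md5: [body, subject]`; if the app-layer `body-md5` toggle elsewhere in this commit is meant to be consumed, an `md5 : [body, subject]` line is needed here as well.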
322275
323276 # Metadata event type. Triggered whenever a pktvar is saved
324277 # and will include the pktvars, flowvars, flowbits and
@@ -942,7 +895,7 @@ app-layer:
942895 #encryption-handling: default
943896
944897 pgsql:
945- enabled: no
898+ enabled: {{ 'yes' if 'pgsql' in eveLog_types_enabled else 'no' }}
946899 # Stream reassembly size for PostgreSQL. By default, track it completely.
947900 stream-depth: 0
948901 # Maximum number of live PostgreSQL transactions per flow
@@ -998,14 +951,14 @@ app-layer:
998951 #log-url-scheme: yes
999952 # Set to yes to compute the md5 of the mail body. You will then
1000953 # be able to journalize it.
1001- body-md5: no
954+ body-md5: {{ 'yes' if 'smtp' in eveLog_types_extended else 'no' }}
1002955 # Configure inspected-tracker for file_data keyword
1003956 inspected-tracker:
1004957 content-limit: 100000
1005958 content-inspect-min-size: 32768
1006959 content-inspect-window: 4096
1007960 imap:
1008- enabled: detection-only
961+ enabled: {{ 'yes' if 'imap' in eveLog_types_enabled else ' detection-only' }}
1009962 smb:
1010963 enabled: yes
1011964 detection-ports:
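Review bot: `body-md5` is now switched on whenever `smtp` appears in `eveLog.types.extended`, but the eve smtp logger rendered earlier in this commit emits no `md5:` list, so Suricata hashes every mail body for a field that is never logged; it also triggers when `smtp` is in `extended` but not in `enabled`. Either emit `md5 : [body, subject]` next to `extended : yes` in the logger, or key this line on `'smtp' in eveLog_types_enabled` like the other app-layer toggles in this commit. Separately, the imap line renders `enabled:  detection-only` because of the leading space in `' detection-only'`; YAML tolerates it, but `'detection-only'` is what was meant.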
@@ -1171,7 +1124,7 @@ app-layer:
11711124
11721125 # DNP3
11731126 dnp3:
1174- enabled: no
1127+ enabled: {{ 'yes' if 'dnp3' in eveLog_types_enabled else 'no' }}
11751128 detection-ports:
11761129 dp: 20000
11771130
@@ -1192,7 +1145,7 @@ app-layer:
11921145 enabled: yes
11931146
11941147 sip:
1195- # enabled: yes
1148+ enabled: {{ ' yes' if 'sip' in eveLog_types_enabled else 'no' }}
11961149
11971150# Limit for the maximum number of asn1 frames to decode (default 256)
11981151asn1-max-frames: 256
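Review bot: The sip line replaces a commented default (`# enabled: yes`) with an explicit `enabled: no` unless the SIP eve logger is selected, which — if Suricata's default for an unconfigured `sip:` block is enabled, as the old comment suggested — disables the SIP app-layer parser, and with it any rules using SIP keywords, on every installation that does not opt into SIP eve logging. That is a detection regression rather than a logging change; unlike `pgsql` and `dnp3`, which were already `enabled: no`, the prior behaviour here was parsing on. Rendering `enabled: yes` unconditionally, or only forcing `yes` when the logger is enabled and otherwise omitting the key, keeps the old behaviour. The value also carries a stray leading space (`' yes'`), rendering as `enabled:  yes`; drop it for consistency with the other templated lines.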