Hi OPNsense community,
In Services > Intrusion Detection > Administration, the GUI enables the user to make a number of configuration changes, and there are additional settings that can be configured in the file suricata.yaml.
The OPNsense documentation speaks about suricata.yaml, and for adding additional changes there is another configuration file, custom.yaml.
https://docs.opnsense.org/manual/ips.html
The question is: what are the possible practices, or advice, for making these additional settings changes in Suricata?
I have tried the following:
- In addition to the parameters that can be managed directly from the GUI, I edited the suricata.yaml file directly, but at boot the changes are erased to keep only the ones input from the GUI;
- To test the custom.yaml configuration file, I copied the full suricata.yaml into it, including the desired changes. Although that suricata.yaml worked when used as the main configuration file, it didn't work as custom.yaml.
For instance, I am wondering about possibilities to:
- keep an updated suricata.yaml even after reboot?
- additional info about how to use the custom.yaml?
- any other thoughts / ideas about this topic?
Many thanks!