custom.yaml

JohnnyBeee · July 27, 2018, 08:25:45 AM

Hi..

On this page (https://forum.opnsense.org/index.php?topic=7853.msg36325#msg36325) a new feature was announced: "intrusion detection: provide custom.yaml for user edits"

Has anybody used this feature? How does it work? What's the syntax?

Thanks for any help.

mimugmail · July 27, 2018, 09:06:35 AM

It lets you edit the file via CLI or scripting, the syntax is normal Suricata style, so you should know what you do when you edit stuff in there.

JohnnyBeee · July 27, 2018, 09:37:55 AM

Quote from: mimugmail on July 27, 2018, 09:06:35 AM
It lets you edit the file via CLI or scripting, the syntax is normal Suricata style, so you should know what you do when you edit stuff in there.

Thanks.

So if for example I have this entry in suricata.yuml

detect-engine:
- profile: medium

I would put this in custom.yuml to overwrite the value?

detect-engine:
- profile: high

custom.yaml

JohnnyBeee

July 27, 2018, 08:25:45 AM

mimugmail

July 27, 2018, 09:06:35 AM #1

JohnnyBeee

July 27, 2018, 09:37:55 AM #2