custom.yaml

Started by JohnnyBeee, July 27, 2018, 08:25:45 AM

Previous topic - Next topic
Hi..

On this page (https://forum.opnsense.org/index.php?topic=7853.msg36325#msg36325) a new feature was announced: "intrusion detection: provide custom.yaml for user edits"

Has anybody used this feature? How does it work? What's the syntax?

Thanks for any help.

It lets you edit the file via CLI or scripting, the syntax is normal Suricata style, so you should know what you do when you edit stuff in there.

Quote from: mimugmail on July 27, 2018, 09:06:35 AM
It lets you edit the file via CLI or scripting, the syntax is normal Suricata style, so you should know what you do when you edit stuff in there.

Thanks.

So if for example I have this entry in suricata.yuml

detect-engine:
  - profile: medium


I would put this in custom.yuml to overwrite the value?

detect-engine:
  - profile: high