Network IDS, IPS and Security Monitoring

Address group (service ids suricata address-group <name>)

  Address group name        [a-z0-9-]+

  IP address or subnet (one or more; a leading "!" excludes the entry):
    ipv4        IPv4 address to match
    ipv6        IPv6 address to match
    ipv4net     IPv4 prefix to match
    ipv6net     IPv6 prefix to match
    !ipv4       Exclude the specified IPv4 address from matches
    !ipv6       Exclude the specified IPv6 address from matches
    !ipv4net    Exclude the specified IPv4 prefix from matches
    !ipv6net    Exclude the specified IPv6 prefix from matches

  Address group reference (another address group, by name):
    txt         Address group to match
    !txt        Exclude the specified address group from matches
    Value format: !?[a-z0-9-]+

Port group (service ids suricata port-group <name>)

  Port group name           [a-z0-9-]+

  Port number (one or more; a leading "!" excludes the entry):
    u32:1-65535     Numeric port to match
    !u32:1-65535    Numeric port to exclude from matches
    start-end       Numbered port range (e.g. 1001-1005) to match
    !start-end      Numbered port range (e.g. !1001-1005) to exclude from matches

  Port group reference (another port group, by name):
    txt         Port group to match
    !txt        Exclude the specified port group from matches
    Value format: !?[a-z0-9-]+

Suricata log outputs: Extensible Event Format (EVE)

  EVE logging destination (regular|syslog):
    regular     Log to a file
    syslog      Log to syslog
    Default: regular

  Log file (used with the regular destination):
    filename    File name in the default Suricata log directory
    /path       Absolute file path
    Default: eve.json

  Log types (one or more):
    alert       Record events for rule matches
    anomaly     Record unexpected conditions such as truncated packets, packets
                with invalid IP/UDP/TCP length values, and other events that
                render the packet invalid for further processing or describe
                unexpected behavior on an established stream
    drop        Record events for dropped packets
    files       Record file details (e.g. MD5) for files extracted from
                application protocols (e.g. HTTP)
    http, dns, tls, smtp, dnp3, ftp, rdp, nfs, smb, tftp, ikev2, dcerpc, krb5,
    snmp, rfb, sip, dhcp, ssh, mqtt, http2
                Record application-level transactions for that protocol
    flow        Record bi-directional flows
    netflow     Record uni-directional flows

    Allowed values: (alert|anomaly|http|dns|tls|files|drop|smtp|dnp3|ftp|rdp|nfs|smb|tftp|ikev2|dcerpc|krb5|snmp|rfb|sip|dhcp|ssh|mqtt|http2|flow|netflow)
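The grammar above is easy to get subtly wrong (host bits set in a "prefix", a reversed port range, a group that references a group that does not exist, or a log type spelled "file" instead of "files"), and none of those mistakes are visible until Suricata refuses to start. The following is an added example, not code from VyOS or Suricata, that models the address-group, port-group and EVE-output rules exactly as the reference lists them and renders the groups in the form Suricata's own `vars:` section accepts (a bracketed list with `!` for negation and `$NAME` for a nested variable). It assumes, and this is not stated on the page, that a referenced group becomes a Suricata variable reference and that variable names are the group name upper-cased with `-` replaced by `_`; the sample groups at the bottom are constructed for the demonstration.

```python
"""Validate VyOS-style Suricata address/port groups and EVE output settings,
then render them as Suricata `vars:` and `outputs:` entries.
Added example; not part of VyOS or Suricata. See lead-in for assumptions."""
import ipaddress
import json
import re

NAME_RE = re.compile(r"^[a-z0-9-]+$")          # group name rule from the reference
EVE_TYPES = {"alert", "anomaly", "drop", "files", "http", "dns", "tls", "smtp",
             "dnp3", "ftp", "rdp", "nfs", "smb", "tftp", "ikev2", "dcerpc", "krb5",
             "snmp", "rfb", "sip", "dhcp", "ssh", "mqtt", "http2", "flow", "netflow"}


def split_negation(entry):
    """Return (negated, body) for an entry that may carry a leading '!'."""
    return (True, entry[1:]) if entry.startswith("!") else (False, entry)


def parse_address(entry):
    """One address-group member: ipv4/ipv6 address or prefix, optionally negated.
    strict=True rejects '192.168.2.1/24' (host bits set), which is not a prefix."""
    neg, body = split_negation(entry)
    text = str(ipaddress.ip_network(body, strict=True)) if "/" in body \
        else str(ipaddress.ip_address(body))
    return neg, text


def parse_port(entry):
    """One port-group member: a port 1-65535 or a start-end range, optionally negated."""
    neg, body = split_negation(entry)
    parts = body.split("-")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad port entry {entry!r}")
    nums = [int(p) for p in parts]
    if not all(1 <= n <= 65535 for n in nums) or nums != sorted(nums):
        raise ValueError(f"port out of range or reversed range in {entry!r}")
    return neg, body


def var_name(group):
    """Suricata variable name for a group (assumption: upper-case, '-' -> '_')."""
    return group.upper().replace("-", "_")


def render_group(name, groups, parse, seen=()):
    """Render one group as a Suricata var string such as '[10.0.0.0/8,!10.0.0.1,$DMZ]'.
    groups maps name -> {"members": [...], "groups": [...]} as the CLI would hold it.
    Unknown references and reference cycles are rejected instead of being passed on."""
    if not NAME_RE.match(name):
        raise ValueError(f"invalid group name {name!r}")
    if name in seen:
        raise ValueError(f"group reference cycle through {name!r}")
    spec, parts = groups[name], []
    for entry in spec.get("members", []):
        neg, text = parse(entry)
        parts.append(("!" if neg else "") + text)
    for ref in spec.get("groups", []):
        neg, target = split_negation(ref)
        if target not in groups:
            raise ValueError(f"group {name!r} references unknown group {target!r}")
        render_group(target, groups, parse, seen + (name,))   # validates the target too
        parts.append(("!" if neg else "") + "$" + var_name(target))
    return "[" + ",".join(parts) + "]"


def render_vars(address_groups, port_groups):
    """The `vars:` mapping as it would appear in suricata.yaml."""
    return {"address-groups": {var_name(n): render_group(n, address_groups, parse_address)
                               for n in address_groups},
            "port-groups": {var_name(n): render_group(n, port_groups, parse_port)
                            for n in port_groups}}


def eve_output(filetype="regular", filename="eve.json", types=("alert",)):
    """The eve-log entry for `outputs:`, restricted to the values the reference allows.
    A relative filename lands in Suricata's default log directory; an absolute path is used as-is."""
    if filetype not in ("regular", "syslog"):
        raise ValueError("filetype must be regular or syslog")
    unknown = set(types) - EVE_TYPES
    if unknown:
        raise ValueError(f"unknown EVE log types: {sorted(unknown)}")
    entry = {"enabled": "yes", "filetype": filetype, "types": list(types)}
    if filetype == "regular":        # filename only applies to the file destination
        entry["filename"] = filename
    return {"eve-log": entry}


def rejects(fn, *args):
    """True if fn(*args) raises ValueError; used to show which inputs are refused."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed sample configuration (not from the page).
ADDRESS_GROUPS = {"lan": {"members": ["192.168.1.0/24", "2001:db8:1::/64"]},
                  "dmz": {"members": ["192.168.2.0/24", "!192.168.2.1"]},
                  "internal": {"groups": ["lan", "dmz"]}}
PORT_GROUPS = {"web": {"members": ["80", "443", "8000-8080"]},
               "not-web": {"members": ["1-65535"], "groups": ["!web"]}}

if __name__ == "__main__":
    print(json.dumps(render_vars(ADDRESS_GROUPS, PORT_GROUPS), indent=2))
    print(json.dumps(eve_output("regular", "/var/log/suricata/eve.json", ["alert", "files"]), indent=2))
```

Because every rejection is a `ValueError` with the offending entry in the message, the same functions can be dropped in front of a commit hook or a config linter: a group that only excludes (for example `not-web` above) is rendered as given, since in Suricata a negated member means "everything except", but a misspelled log type or a group that references itself never reaches `suricata.yaml`.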