# Analysisd default rule timeframe.
analysisd.default_timeframe=360
# Analysisd stats maximum diff.
-analysisd.stats_maxdiff=25000
+analysisd.stats_maxdiff=999000
# Analysisd stats minimum diff.
-analysisd.stats_mindiff=250
+analysisd.stats_mindiff=1250
# Analysisd stats percentage (how much to differ from average)
-analysisd.stats_percent_diff=30
+analysisd.stats_percent_diff=150
# Analysisd FTS list size.
analysisd.fts_list_size=32
# Analysisd FTS minimum string size.
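Review bot: The three stats thresholds are loosened a great deal (`stats_maxdiff` 25000 to 999000, `stats_mindiff` 250 to 1250, `stats_percent_diff` 30 to 150), but the comments above them are unchanged and give no reason or unit. Going by the key names and the "how much to differ from average" comment, event volume will presumably have to deviate much further from the average before analysisd raises a statistical alert, so a moderate spike or drop in log volume may now pass unnoticed. I would record the intent next to the values, for example `# Raised from 25000/250/30 to reduce stats-alert noise; a larger deviation from the average is now needed to alert.` It is also worth confirming that the new defaults were checked against a realistic event rate.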
# Analysisd Enable the firewall log (at logs/firewall/firewall.log)
# 1 to enable, 0 to disable.
analysisd.log_fw=1
+# Maximum number of fields in a decoder (order tag)
+analysisd.decoder_order_size=10
+# Output GeoIP data at JSON alerts
+analysisd.geoip_jsonout=0
+
# Logcollector file loop timeout (check every 2 seconds for file changes)
logcollector.loop_timeout=2
# Logcollector number of attempts to open a log file.
logcollector.open_attempts=8
+# Logcollector - If it should accept remote commands from the manager
+logcollector.remote_commands=0
+
+
# Remoted counter io flush.
remoted.recv_counter_flush=128
# Verify msg id (set to 0 to disable it)
remoted.verify_msg_id=1
+# Don't exit when client.keys empty
+remoted.pass_empty_keyfile=0
# Maild strict checking (0=disabled, 1=enabled)
maild.strict_checking=1
# Maild full subject (0=disabled, 1=enabled)
maild.full_subject=0
+# Maild display GeoIP data (0=disabled, 1=enabled)
+maild.geoip=1
-# Monitord day_wait. Ammount of seconds to wait before compressing/signing
+
+# Monitord day_wait. Amount of seconds to wait before compressing/signing
# the files.
monitord.day_wait=10
# Monitord monitor_agents. (0=do not monitor, 1=monitor)
monitord.monitor_agents=1
+# Monitord notify_time. Frequency of which the clients' availability needs
+# to be checked. (60-3600)
+monitord.notify_time=600
# Syscheck checking/usage speed. To avoid large cpu/memory
# usage, you can specify how much to sleep after generating
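Review bot: The comment on `logcollector.remote_commands` does not say what enabling it exposes, and it is the most security-sensitive option added here. As far as I know, setting it to 1 lets command entries delivered in the manager's shared configuration run on the agent, so a compromised manager could execute commands on every agent that opts in. The default of 0 is right; I would spell out the trade-off, for example `# 0=reject (default), 1=accept. Enable only if the manager is trusted to run commands on this agent.` On style, `analysisd.geoip_jsonout`, `logcollector.remote_commands` and `remoted.pass_empty_keyfile` lack the `(0=disabled, 1=enabled)` legend that the maild options carry, and the `monitord.notify_time` range `(60-3600)` gives no unit. The GeoIP defaults also differ (`maild.geoip=1` but `analysisd.geoip_jsonout=0`), which deserves a one-line explanation if it is intentional.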
syscheck.sleep=2
syscheck.sleep_after=15
+# Rootcheck checking/usage speed. Rootcheck will pause for this
+# duration after scanning a PID or port.
+rootcheck.sleep=2
+
# Database - maximum number of reconnect attempts
dbd.reconnect_attempts=10
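Review bot: The new `rootcheck.sleep` comment says rootcheck "will pause for this duration" but gives no unit, so a reader cannot tell what `2` means. The neighbouring `syscheck.sleep=2` suggests seconds, but that is an inference from the visible lines. If it is seconds, I would say so, for example `# Rootcheck will pause this many seconds after scanning each PID or port.` The unit matters because this value sets how long a full rootcheck pass takes, and so how quickly a hidden process or port would be reported.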