pid_suricata-dir_fast.log

1. 3170 1 root S 637m 34% 3 0% {Suricata-Main} /usr/bin/suricata --pidfile /var/run/suricata.pid -D -q 0 -c /etc/suricata/suricata.yaml
2.  
3. default-log-dir = /var/log/suricata/
4. outputs.0.fast.filename = fast.log
5.  
6. # suricata-update - enable.conf
7. 1000001
8. group:emerging*
9.  
10. # suricata-update - modify.conf
11. re:. ^alert drop
12. re:classtype:trojan-activity "(alert)(.*)" "drop\\2"