From 64aee5e70c7a2720b307dc01ef72e545c867856f Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Tue, 3 May 2011 22:46:32 +0200
Subject: [PATCH] Add file log to default suricata.yaml.

---
 suricata.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/suricata.yaml b/suricata.yaml
index abd88a1ae5..16836df7ed 100644
--- a/suricata.yaml
+++ b/suricata.yaml
@@ -139,8 +139,10 @@ outputs:
       filename: drop.log
       append: yes
 
+  # output module to store extracted files to disk
   - file:
-      enabled: no
+      enabled: no       # set to yes to enable
+      log-dir: files    # directory to store the files
 
 # When running in NFQ inline mode, it is possible to use a simulated
 # non-terminal NFQUEUE verdict.