dump-config - extend into multi-detect supplied yaml configuration
It will be useful if "--dump-config" can extend and look into the supplied multi-detect yaml config parameters (homenet/ports/ref/classification...). Currently it only shows the file "multi-detect.tenants.0.yaml" (example below):
multi-detect = (null)
multi-detect.enabled = yes
multi-detect.selector = vlan
multi-detect.loaders = 1
multi-detect.tenants = (null)
multi-detect.tenants.0 = tenant
multi-detect.tenants.0.tenant =
multi-detect.tenants.0.id = 1
multi-detect.tenants.0.yaml = /etc/suricata/tenant-1111.yaml
multi-detect.mappings = (null)
multi-detect.mappings.0 = vlan
multi-detect.mappings.0.vlan =
multi-detect.mappings.0.vlan-id = 1155
multi-detect.mappings.0.tenant-id = 1
I guess equally desirable would be to be able to override multi-detect supplied yaml config parameters on the command line as well (example):
--set "multi-detect.tenants.0.yaml.vars.address-groups.HOME_NET = [10.10.10.0/24]"
Updated by Jason Ish almost 6 years ago
The main issue here, I think, is that the specified yaml file isn't included as part of the on start configuration initialization - it's not handled directly by the configuration subsystem. I wonder if this could be modified to use YAML includes so it's directly handled by the configuration loader?
That, or perhaps just moving the ConfDump() in suricata.c further down may do.