Project

General

Profile

Actions

Feature #1542

open

dump-config - extend into multi-detect supplied yaml configuration

Added by Peter Manev about 6 years ago. Updated over 1 year ago.

Status:
Assigned
Priority:
Low
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

It will be useful if "--dump-config" can extend and look into the supplied multi-detect yaml config parameters(homenet/ports/ref/classification...) . Currently it only shows the file "multi-detect.tenants.0.yaml" (example below)

multi-detect = (null)
multi-detect.enabled = yes
multi-detect.selector = vlan
multi-detect.loaders = 1
multi-detect.tenants = (null)
multi-detect.tenants.0 = tenant
multi-detect.tenants.0.tenant = 
multi-detect.tenants.0.id = 1
multi-detect.tenants.0.yaml = /etc/suricata/tenant-1111.yaml
multi-detect.mappings = (null)
multi-detect.mappings.0 = vlan
multi-detect.mappings.0.vlan = 
multi-detect.mappings.0.vlan-id = 1155
multi-detect.mappings.0.tenant-id = 1

I guess equally desirable would be to be able to override multi-detect supplied yaml config parameters on the command line as well (example):
--set "multi-detect.tenants.0.yaml.vars.address-groups.HOME_NET = [10.10.10.0/24]"

Actions #1

Updated by Jason Ish almost 6 years ago

The main issue here, I think, is that the specified yaml file isn't included as part of the on start configuration initialization - its not handled directly by the configuration subsystem. I wonder if this could be modified to use YAML includes so its directly handled by the configuration loader?

That, or perhaps just moving the ConfDump() in suricata.c further down may do.

Actions #2

Updated by Andreas Herz over 5 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #3

Updated by Victor Julien almost 2 years ago

  • Target version changed from TBD to 6.0.0beta1

I think the last suggestion makes sense.

Actions #4

Updated by Jason Ish over 1 year ago

  • Priority changed from Normal to Low
Actions #5

Updated by Victor Julien over 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jason Ish
  • Target version changed from 6.0.0beta1 to 7.0rc1
Actions

Also available in: Atom PDF