Feature #1542

dump-config - extend into multi-detect supplied yaml configuration

Added by Peter Manev almost 6 years ago. Updated about 1 year ago.

Target version:


It will be useful if "--dump-config" can extend and look into the supplied multi-detect yaml config parameters(homenet/ports/ref/classification...) . Currently it only shows the file "multi-detect.tenants.0.yaml" (example below)

multi-detect = (null)
multi-detect.enabled = yes
multi-detect.selector = vlan
multi-detect.loaders = 1
multi-detect.tenants = (null)
multi-detect.tenants.0 = tenant
multi-detect.tenants.0.tenant = = 1
multi-detect.tenants.0.yaml = /etc/suricata/tenant-1111.yaml
multi-detect.mappings = (null)
multi-detect.mappings.0 = vlan
multi-detect.mappings.0.vlan = 
multi-detect.mappings.0.vlan-id = 1155
multi-detect.mappings.0.tenant-id = 1

I guess equally desirable would be to be able to override multi-detect supplied yaml config parameters on the command line as well (example):
--set "multi-detect.tenants.0.yaml.vars.address-groups.HOME_NET = []"


Updated by Jason Ish over 5 years ago

The main issue here, I think, is that the specified yaml file isn't included as part of the on start configuration initialization - its not handled directly by the configuration subsystem. I wonder if this could be modified to use YAML includes so its directly handled by the configuration loader?

That, or perhaps just moving the ConfDump() in suricata.c further down may do.


Updated by Andreas Herz over 5 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD

Updated by Victor Julien over 1 year ago

  • Target version changed from TBD to 6.0.0beta1

I think the last suggestion makes sense.


Updated by Jason Ish about 1 year ago

  • Priority changed from Normal to Low

Updated by Victor Julien about 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jason Ish
  • Target version changed from 6.0.0beta1 to 7.0rc1

Also available in: Atom PDF