Bug #1679

closed

sensor-name configuration parameter specified in wrong place in default suricata.yaml

Added by Jason Ish over 7 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal

Description

The default suricata.yaml contains a sensor-name field at the top level which is not used anywhere. The only user of the "sensor-name" configuration key is the eve output (output-json.c) but it isn't looking for a "sensor-name" value on the eve-log configuration node, not at the root.

Is it configured in the wrong place? Or is the code looking in the wrong place? Or is the idea that it can be set globally and an eve-log configuration section can override it?

Also, and just an observation, in the configuration it's "sensor-name", but in the eve output it's "host"? It's a bit misleading, especially if you are using it to differentiate between Suricata instances on the same host.

I'm happy to make the fixes, but want to clear up the questions above.

Actions #1

Updated by Victor Julien over 7 years ago

  • Status changed from New to Assigned
  • Assignee set to Jason Ish
  • Target version set to 70

I'd say it makes sense to have this be global.

In unified2 we have the sensor-id option, which is a per output config. However it's set to a global int variable, so it's essentially also a global setting.

Actions #2

Updated by Jason Ish over 7 years ago

  • Status changed from Assigned to Closed

Actions #3

Updated by Jason Ish over 7 years ago

  • Target version changed from 70 to 3.0.1RC1
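
An added illustration, not part of the ticket or of Suricata's code: the three lookup policies the description asks about, applied to a constructed, already-parsed configuration. The dictionary layout, the `resolve` and `ignored_root` helpers and the policy names are assumptions made for this example; which policy Suricata adopted is not stated on this page.

```python
# Added illustration; not Suricata source code.
# CONFIG is a constructed stand-in for a parsed suricata.yaml.
CONFIG = {
    "sensor-name": "sensor-a",  # root level, where the default file puts it
    "outputs": [
        {"fast": {"enabled": True}},
        {"eve-log": {"enabled": True, "filename": "eve.json"}},
        {"eve-log": {"enabled": True, "filename": "eve-dmz.json",
                     "sensor-name": "sensor-dmz"}},
    ],
}

def eve_nodes(config):
    """Yield each eve-log configuration node found under outputs."""
    for entry in config.get("outputs") or []:
        node = entry.get("eve-log") if isinstance(entry, dict) else None
        if isinstance(node, dict):
            yield node

def resolve(config, policy):
    """Map each eve output file to the sensor name it would get.

    "node":     only the eve-log node is consulted
    "root":     only the top-level key is consulted
    "override": top-level default, a value on the eve-log node wins
    """
    if policy not in ("node", "root", "override"):
        raise ValueError(f"unknown policy: {policy}")
    root = config.get("sensor-name")
    result = {}
    for node in eve_nodes(config):
        local = node.get("sensor-name")
        if policy == "node":
            name = local
        elif policy == "root":
            name = root
        else:
            name = local if local is not None else root
        result[node.get("filename", "<unnamed>")] = name
    return result

def ignored_root(config):
    """Eve outputs left unnamed by node-only lookup although a root key exists."""
    if config.get("sensor-name") is None:
        return []
    return [f for f, name in resolve(config, "node").items() if name is None]

if __name__ == "__main__":
    for policy in ("node", "root", "override"):
        print(policy, resolve(CONFIG, policy))
    print("root key has no effect for:", ignored_root(CONFIG))
```
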