Bug #1679
closedsensor-name configuration parameter specified in wrong place in default suricata.yaml
Description
The default suricata.yaml contains a sensor-name field at the top level which is not used anywhere. The only user of the "sensor-name" configuration key is the eve output (output-json.c) but it isn't looking for a "sensor-name" value on the eve-log configuration node, not at the root.
Is it configured in the wrong place? Or is the code looking in the wrong place? Or is the idea that it can be set globally and an eve-log configuration section can override it?
Also, and just an observation, in the configuration its "sensor-name", but in the eve output its "host"? Its a bit misleading especially if you are using it to differentiate between Suricata instances on the same host.
I'm happy to make the fixes, but want to clear up the questions above.
Updated by Victor Julien about 8 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to 70
I'd say it makes sense to have this be global.
In unified2 we have the sensor-id option, which is a per output config. However it's set to a global int variable, so it's essentially also a global setting.
Updated by Jason Ish about 8 years ago
- Status changed from Assigned to Closed
Merged into master:
https://github.com/inliniac/suricata/pull/1860
Updated by Jason Ish about 8 years ago
- Target version changed from 70 to 3.0.1RC1