Suricata

The default suricata.yaml contains a sensor-name field at the top level which is not used anywhere. The only user of the "sensor-name" configuration key is the eve output (output-json.c) but it isn't looking for a "sensor-name" value on the eve-log configuration node, not at the root.

Is it configured in the wrong place? Or is the code looking in the wrong place? Or is the idea that it can be set globally and an eve-log configuration section can override it?

Also, and just an observation, in the configuration its "sensor-name", but in the eve output its "host"? Its a bit misleading especially if you are using it to differentiate between Suricata instances on the same host.

I'm happy to make the fixes, but want to clear up the questions above.