Added by Anthony Verez over 6 years ago. Updated almost 5 years ago.
Description
Our sensors are running in different environments.
We would like to be able to create profiles, the profile to use should be passed on the command line.
Each profile could use different configuration rules to enable/disable/modify different sets of rules.
If all of the options could be controlled by the yaml, simply specifying a different yaml would count as a profile I guess? Not sure if there are things currently that can't be controlled through the yaml.
Victor Julien wrote:
If all of the options could be controlled by the yaml, simply specifying a different yaml would count as a profile I guess? Not sure if there are things currently that can't be controlled through the yaml.
I don't think there is anything that can't be controlled by the configuration file. There may have been, pre-1.0 when this bug was created, but yes, using a configuration file should be able to override everything.
I guess one issue when "profiles" are discussed is that it might be hard to share a "base" configuration. But I'm not sure if this is in scope of Suricata-Update, probably better for the orchestration tools built around it. The most I'd consider if a way to include files into others, for example, disable.conf could include another disable.conf, which could serve as the base configuration. This could give you some level of inheritance between configurations, and is rather simple to develop and maintain on our end.