Bug #2467: 4.1beta1 - non rust builds with SMB enabled - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2467

closed

4.1beta1 - non rust builds with SMB enabled

Added by Peter Manev about 6 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

4.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

When enabling SMB/TFTP logging on non rust build 4.1.beta1 there is the following warning-

26/3/2018 -- 20:41:09 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2018 -- 20:41:09 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.smb
26/3/2018 -- 20:41:09 - <Warning> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - No output module named eve-log.tftp
26/3/2018 -- 20:41:09 - <Info> - stats output device (regular) initialized: stats.log

I wonder if it is not better to explicitly fail to start in that case or a better msg?

Actions

Copy link

Updated by Andreas Herz about 6 years ago

Assignee set to OISF Dev
Target version set to TBD

Actions

Copy link

Updated by Jason Ish almost 6 years ago

Effort set to low
Difficulty set to low

What if the error message was more like:

26/3/2018 -- 20:41:09 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2018 -- 20:41:09 - <Warning> - No output module named eve-log.smb
26/3/2018 -- 20:41:09 - <Warning> - No output module named eve-log.tftp
26/3/2018 -- 20:41:09 - <Info> - stats output device (regular) initialized: stats.log

I think the "[ERRCODE: SC_ERR_INVALID_ARGUMENT(13)]" makes it look a whole lost nastier than it really is. Perhaps a warning like "Output module eve-log.smb not available without Rust support". We'd still want this a warning or an error, but I don't know if its deserving of the "[ERRCODE: SC_ERR_INVALID_ARGUMENT(13)]".

Actions

Copy link