Bug #2919

closed

nested config files seem to trigger decoder output stats error (SC_WARN_DEFAULT_WILL_CHANGE) even when enabled

Added by Peter Manev about 5 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort:
Difficulty:
Label:

Description

[2573] 3/4/2019 -- 23:53:55 - (suricata.c:1058) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (rev 69d0d484e)
[2573] 3/4/2019 -- 23:53:55 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 2
[2573] 3/4/2019 -- 23:53:55 - (counters.c:264) <Warning> (StatsInitCtxPreOutput) -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
[2573] 3/4/2019 -- 23:53:55 - (util-logopenfile.c:478) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[2573] 3/4/2019 -- 23:53:55 - (output-json-email-common.c:455) <Info> (OutputEmailInitConf) -- Going to log the md5 sum of email body
[2573] 3/4/2019 -- 23:53:55 - (output-json-email-common.c:459) <Info> (OutputEmailInitConf) -- Going to log the md5 sum of email subject
[2573] 3/4/2019 -- 23:53:55 - (output-json-dnp3.c:392) <Info> (OutputDNP3LogInitSub) -- DNP3 log sub-module initialized.
[2573] 3/4/2019 -- 23:53:55 - (output-json-dnp3.c:392) <Info> (OutputDNP3LogInitSub) -- DNP3 log sub-module initialized.
[2573] 3/4/2019 -- 23:53:55 - (output-json-stats.c:468) <Warning> (OutputStatsLogInitSub) -- [ERRCODE: SC_WARN_EVE_MISSING_EVENTS(318)] - eve.stats will not display all decoder events correctly. See #2225. Set a prefix in stats.decoder-events-prefix. In 5.0 the prefix will default to 'decoder.event'.

tail /etc/suricata/suricata.yaml 

##
## Include other configs
##

# Includes.  Files included here will be handled as if they were
# inlined in this configuration file.
#include: include1.yaml
#include: include2.yaml
include: /etc/suricata/addin.yaml

Inside the second/nested config "/etc/suricata/addin.yaml" I have set up the outputs for decoder events -

/usr/bin/suricata -c /etc/suricata/suricata.yaml --dump-config |grep decoder-events
outputs.10.stats.decoder-events = true
outputs.10.stats.decoder-events-prefix = decoder.event

but it still throws out the err/warning.
If I do the change in the main yaml config - I do not get the err/warning anymore.
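
Added example, not part of the original report or of Suricata's code: the warning text names the key `stats.decoder-events-prefix`, while the `--dump-config` lines in the report show the key at `outputs.10.stats.decoder-events-prefix`, and `grep decoder-events` matches either path. The helper below (`classify_key` is a hypothetical name, and the sample inputs are constructed) reports which dotted path a dump actually contains.

```shell
#!/bin/sh
# Classify where a key appears in `suricata --dump-config` output read on stdin.
# Prints one of:
#   top-level            the exact dotted path is present
#   nested-only: <paths> the path appears only as a suffix under another section
#   absent               the path does not appear at all
classify_key() {
    want="$1"   # full dotted path, e.g. stats.decoder-events-prefix
    awk -v want="$want" '
        {
            # dump-config lines have the form: dotted.path = value
            path = $1
            len = length(want)
            if (path == want) {
                top = 1
            } else if (length(path) > len &&
                       substr(path, length(path) - len) == "." want) {
                nested = nested " " path
            }
        }
        END {
            if (top) print "top-level"
            else if (nested != "") print "nested-only:" nested
            else print "absent"
        }'
}

# Constructed sample 1: the two dump lines quoted in the report.
sample_nested='outputs.10.stats.decoder-events = true
outputs.10.stats.decoder-events-prefix = decoder.event'

# Constructed sample 2: the key at the path the warning message names.
sample_top='stats.enabled = yes
stats.decoder-events-prefix = decoder.event'

printf '%s\n' "$sample_nested" | classify_key stats.decoder-events-prefix
printf '%s\n' "$sample_top"    | classify_key stats.decoder-events-prefix

# Against a live configuration (flags as used in the report):
#   suricata -c /etc/suricata/suricata.yaml --dump-config \
#       | classify_key stats.decoder-events-prefix
```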
