Project

General

Profile

Actions

Optimization #3208

open

unnecessary output on 'update-sources'

Added by Victor Julien about 5 years ago. Updated almost 2 years ago.

Status:
Assigned
Priority:
Low
Target version:
Effort:
Difficulty:
Label:

Description

Got:

./bin/suricata-update update-sources
1/10/2019 -- 14:52:37 - <Warning> -- No suricata application binary found on path.
1/10/2019 -- 14:52:37 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
1/10/2019 -- 14:52:37 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
1/10/2019 -- 14:52:37 - <Info> -- Using default Suricata version of 4.0.0
1/10/2019 -- 14:52:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
1/10/2019 -- 14:52:39 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml

Expected:
./bin/suricata-update update-sources
1/10/2019 -- 14:52:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
1/10/2019 -- 14:52:39 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml

Since updating the sources does not depend on suricata config, local rules or suricata version, I think all this output should omitted.

Actions #1

Updated by Victor Julien about 5 years ago

  • Description updated (diff)
Actions #2

Updated by Victor Julien about 5 years ago

  • Affected Versions 1.1.0rc1 added

This is with 1.1.0rc1

Actions #3

Updated by Shivani Bhardwaj about 5 years ago

  • Status changed from New to Assigned
  • Priority changed from Normal to Urgent
  • Target version set to 1.1.0
Actions #4

Updated by Shivani Bhardwaj about 5 years ago

There's this hack that kinda works but it eats up any log messages even the error logs so not sure if its a good idea: https://github.com/shivan1b/suricata-update/commit/794c1e8a15f605828b1214d8e1aa0d71ddeae31a
Other solution would require some code refactoring such that the checks for the conf files do not happen if they are not required. This will take some time.

Actions #5

Updated by Jason Ish about 5 years ago

We should probably push this back til after 1.1.0. As Suricata-Update configures itself all at once, it will be a non-trivial change to have it just partially configure itself.

Even update-sources depends somewhat on the configuration, in particular the localstatedir of `suricata --build-info` to know where to push the sources file.

So to make this happen the configuration phase will need to be broken up to configure only whats needed for the specific operation. Which might be more effort than its worth.

Actions #6

Updated by Shivani Bhardwaj about 5 years ago

  • Target version changed from 1.1.0 to TBD
Actions #7

Updated by Shivani Bhardwaj about 5 years ago

  • Priority changed from Urgent to Normal
Actions #8

Updated by Shivani Bhardwaj about 4 years ago

  • Priority changed from Normal to Low
Actions #9

Updated by James Lagermann about 4 years ago

It probably does not make much difference but is this really a bug? All of my customer run Suricata-update on a stand alone host that does not have Suricata installed on it. The automation we setup uses command line options to point to the config file, manually define the Suricata version and define where to save the suricata.rules file. I log this information to audit their setups, however, it's not critical.

At a minimum, I would reclassify this change as a Task or Optimization, not a bug. Make your stats look better.

Actions #10

Updated by Shivani Bhardwaj about 4 years ago

  • Tracker changed from Bug to Optimization
  • Affected Versions deleted (1.1.0rc1)
Actions #11

Updated by Shivani Bhardwaj about 4 years ago

James Lagermann wrote in #note-9:

It probably does not make much difference but is this really a bug? All of my customer run Suricata-update on a stand alone host that does not have Suricata installed on it. The automation we setup uses command line options to point to the config file, manually define the Suricata version and define where to save the suricata.rules file. I log this information to audit their setups, however, it's not critical.

At a minimum, I would reclassify this change as a Task or Optimization, not a bug. Make your stats look better.

Thanks. Updated.

Actions #12

Updated by Jason Ish almost 3 years ago

I think the lines starting with Using can become debug. Its harder to decide about the warning that Suricata is not installed. If Suricata is installed, its going to determine where the index is saved. If Suricata is not installed, we're going to fallback to a well known default, unless an output directory is not installed.

Maybe we can also supporess the warning about Suricata not being installed, and making it more of a localized warning. For example, if we need the localstatedir location, AND Suricata is not installed, and no output directory is provided, then we log that we've made an assumption. Otherwise it should be quiet. Should be involved moving/adding some log statements and perhaps a few conditionals around it.

Actions

Also available in: Atom PDF