Optimization #3208
unnecessary output on 'update-sources'
Description
Got:
```
./bin/suricata-update update-sources
1/10/2019 -- 14:52:37 - <Warning> -- No suricata application binary found on path.
1/10/2019 -- 14:52:37 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
1/10/2019 -- 14:52:37 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
1/10/2019 -- 14:52:37 - <Info> -- Using default Suricata version of 4.0.0
1/10/2019 -- 14:52:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
1/10/2019 -- 14:52:39 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml
```
Expected:
```
./bin/suricata-update update-sources
1/10/2019 -- 14:52:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
1/10/2019 -- 14:52:39 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml
```
Since updating the sources does not depend on suricata config, local rules or suricata version, I think all this output should be omitted.
Updated by Shivani Bhardwaj about 5 years ago
- Status changed from New to Assigned
- Priority changed from Normal to Urgent
- Target version set to 1.1.0
Updated by Shivani Bhardwaj about 5 years ago
There's this hack that kinda works, but it eats up any log messages, even the error logs, so not sure if it's a good idea: https://github.com/shivan1b/suricata-update/commit/794c1e8a15f605828b1214d8e1aa0d71ddeae31a
The other solution would require some code refactoring such that the checks for the conf files do not happen if they are not required. This will take some time.
Updated by Jason Ish about 5 years ago
We should probably push this back until after 1.1.0. As Suricata-Update configures itself all at once, it will be a non-trivial change to have it just partially configure itself.
Even update-sources depends somewhat on the configuration, in particular the localstatedir of `suricata --build-info` to know where to push the sources file.
So to make this happen the configuration phase will need to be broken up to configure only what's needed for the specific operation. Which might be more effort than it's worth.
Updated by Shivani Bhardwaj about 5 years ago
- Target version changed from 1.1.0 to TBD
Updated by Shivani Bhardwaj about 5 years ago
- Priority changed from Urgent to Normal
Updated by Shivani Bhardwaj about 4 years ago
- Priority changed from Normal to Low
Updated by James Lagermann about 4 years ago
It probably does not make much difference, but is this really a bug? All of my customers run Suricata-update on a standalone host that does not have Suricata installed on it. The automation we set up uses command line options to point to the config file, manually define the Suricata version and define where to save the suricata.rules file. I log this information to audit their setups; however, it's not critical.
At a minimum, I would reclassify this change as a Task or Optimization, not a bug. Make your stats look better.
Updated by Shivani Bhardwaj about 4 years ago
- Tracker changed from Bug to Optimization
- Affected Versions deleted (1.1.0rc1)
Updated by Shivani Bhardwaj about 4 years ago
James Lagermann wrote in #note-9:
> It probably does not make much difference, but is this really a bug? All of my customers run Suricata-update on a standalone host that does not have Suricata installed on it. The automation we set up uses command line options to point to the config file, manually define the Suricata version and define where to save the suricata.rules file. I log this information to audit their setups; however, it's not critical.
> At a minimum, I would reclassify this change as a Task or Optimization, not a bug. Make your stats look better.

Thanks. Updated.
Updated by Jason Ish almost 3 years ago
I think the lines starting with `Using` can become debug. It's harder to decide about the warning that Suricata is not installed. If Suricata is installed, it's going to determine where the index is saved. If Suricata is not installed, we're going to fall back to a well known default, unless an output directory is not installed.
Maybe we can also suppress the warning about Suricata not being installed, and make it more of a localized warning. For example, if we need the `localstatedir` location, AND Suricata is not installed, and no output directory is provided, then we log that we've made an assumption. Otherwise it should be quiet. Should involve moving/adding some log statements and perhaps a few conditionals around it.
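
The logging behaviour proposed in the last comment, written out as an added sketch; it is not suricata-update's code. The names `resolve_data_dir`, `run_case` and `DEFAULT_DATA_DIR`, and the `lib/suricata` layout under `localstatedir`, are assumptions made for illustration.

```python
import logging
import posixpath

logger = logging.getLogger("update-sources-example")

# Assumed fallback, consistent with the cache path shown in the log output above.
DEFAULT_DATA_DIR = "/var/lib/suricata"


def resolve_data_dir(output_dir=None, localstatedir=None):
    """Return the directory the source index is saved under.

    output_dir: an explicitly provided output directory, or None.
    localstatedir: value taken from `suricata --build-info`, or None
    when no Suricata binary was found on the path.
    """
    if output_dir:
        # The operator chose the location: nothing was assumed, stay quiet.
        logger.debug("Using output directory %s", output_dir)
        return output_dir
    if localstatedir:
        # Suricata is installed and tells us where state lives (layout assumed).
        path = posixpath.join(localstatedir, "lib", "suricata")
        logger.debug("Using %s derived from Suricata build info", path)
        return path
    # Only here has an assumption been made, so only here do we warn.
    logger.warning("Suricata not found and no output directory given; "
                   "assuming %s", DEFAULT_DATA_DIR)
    return DEFAULT_DATA_DIR


class _Capture(logging.Handler):
    """Collect records so each case can be checked for what it logged."""
    def __init__(self):
        super().__init__(level=logging.DEBUG)
        self.records = []

    def emit(self, record):
        self.records.append(record)


def run_case(**kwargs):
    """Run resolve_data_dir and return (path, [log level names emitted])."""
    cap = _Capture()
    logger.addHandler(cap)
    logger.setLevel(logging.DEBUG)
    try:
        path = resolve_data_dir(**kwargs)
    finally:
        logger.removeHandler(cap)
    return path, [r.levelname for r in cap.records]
```

At the default Info level only the third case produces output, so a standalone host that passes an output directory stays quiet while the fallback remains visible for audit.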