Optimization #3208
open
unnecessary output on 'update-sources'
Added by Victor Julien about 5 years ago.
Updated about 2 years ago.
Description
Got:
./bin/suricata-update update-sources
1/10/2019 -- 14:52:37 - <Warning> -- No suricata application binary found on path.
1/10/2019 -- 14:52:37 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
1/10/2019 -- 14:52:37 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
1/10/2019 -- 14:52:37 - <Info> -- Using default Suricata version of 4.0.0
1/10/2019 -- 14:52:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
1/10/2019 -- 14:52:39 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml
Expected:
./bin/suricata-update update-sources
1/10/2019 -- 14:52:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
1/10/2019 -- 14:52:39 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml
Since updating the sources does not depend on suricata config, local rules or suricata version, I think all this output should omitted.
- Description updated (diff)
- Affected Versions 1.1.0rc1 added
- Status changed from New to Assigned
- Priority changed from Normal to Urgent
- Target version set to 1.1.0
We should probably push this back til after 1.1.0. As Suricata-Update configures itself all at once, it will be a non-trivial change to have it just partially configure itself.
Even update-sources depends somewhat on the configuration, in particular the localstatedir of `suricata --build-info` to know where to push the sources file.
So to make this happen the configuration phase will need to be broken up to configure only whats needed for the specific operation. Which might be more effort than its worth.
- Target version changed from 1.1.0 to TBD
- Priority changed from Urgent to Normal
- Priority changed from Normal to Low
It probably does not make much difference but is this really a bug? All of my customer run Suricata-update on a stand alone host that does not have Suricata installed on it. The automation we setup uses command line options to point to the config file, manually define the Suricata version and define where to save the suricata.rules file. I log this information to audit their setups, however, it's not critical.
At a minimum, I would reclassify this change as a Task or Optimization, not a bug. Make your stats look better.
- Tracker changed from Bug to Optimization
- Affected Versions deleted (
1.1.0rc1)
James Lagermann wrote in #note-9:
It probably does not make much difference but is this really a bug? All of my customer run Suricata-update on a stand alone host that does not have Suricata installed on it. The automation we setup uses command line options to point to the config file, manually define the Suricata version and define where to save the suricata.rules file. I log this information to audit their setups, however, it's not critical.
At a minimum, I would reclassify this change as a Task or Optimization, not a bug. Make your stats look better.
Thanks. Updated.
I think the lines starting with Using
can become debug. Its harder to decide about the warning that Suricata is not installed. If Suricata is installed, its going to determine where the index is saved. If Suricata is not installed, we're going to fallback to a well known default, unless an output directory is not installed.
Maybe we can also supporess the warning about Suricata not being installed, and making it more of a localized warning. For example, if we need the localstatedir
location, AND Suricata is not installed, and no output directory is provided, then we log that we've made an assumption. Otherwise it should be quiet. Should be involved moving/adding some log statements and perhaps a few conditionals around it.
Also available in: Atom
PDF