Project

General

Profile

Actions
Copy link

Support #3384

closed

Lua Script Debugging

Added by Taylor Walton over 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
4.1.5
Label:

Description

Hey Team,

I am curious if Suricata logs any debug info regarding Lua scripts it attempts to run. I found this blog post, https://www.abuseipdb.com/suricata, which provides a lua script that will submit api request to abuseipdb when an alert is fired, however, it does not appear to be working correctly. After I restart the Suricata engine, the log files abuseipdb_alert_reports.log and abuseipdb_custom_debug.log are created, which tells me suricata is reading the script, but I never see those logs populate, even after alerts fire. Is there any verbose debugging I can take advantage of to even see if Suricata is trying to run the script and what response, if any, I may be receiving from api.abuseipdb.com?

Thanks,

Taylor

Actions
Copy link
 #1

Updated by Victor Julien over 4 years ago

  • Tracker changed from Bug to Support
Actions
Copy link
 #2

Updated by Victor Julien over 4 years ago

You can add SCLogDebug/SCLogInfo/SCLogNotice statements to the lua script much like how you would do that in the Suricata code. E.g.

SCLogNotice("hello world");

Actions
Copy link
 #3

Updated by Andreas Herz over 3 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions
Copy link

Also available in: Atom PDF