Feature #39
closed
Making Logging Configurable
Description
On a production sensor there probably isn't a need to have alert-debug.log, fast.log, unified, unified2 logs, stats.log and http.log all being logged. The logging options should be configurable by the user via the suricata.yaml file and via command line opts. This will be assigned as a task.
Files
Updated by Jason Ish about 15 years ago
- File 0001-Use-the-configuration-file-to-setup-alert-logging-an.patch added
The following patch allows the alert outputs to be configured with the configuration file. One important note about the thread model is that all outputs run in the same thread now, which is a little different from the current IdsPcap2 mode where most of the alert outputs are in their own thread.
The other modes will be updated as well in incremental patches to this.
An example of the configuration is:
outputs:
  - fast:
      enabled: yes
      filename: fast.log
  - unified-log:
      enabled: yes
      filename: unified.log
And you can specify the same output multiple times, but you would want to give them their own filename.
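The filename caveat in the comment above can be checked before a sensor is started. The following is an added example, not part of the patch or of Suricata: the function names are hypothetical, the parser handles only the outputs list layout shown in the comment (not general YAML), and it assumes "yes" is the enabling value, as in that example.

```python
import re
from collections import defaultdict

# Constructed sample: a second enabled "fast" reuses fast.log; a disabled entry reuses unified.log.
SAMPLE = """\
outputs:
  - fast:
      enabled: yes
      filename: fast.log
  - unified-log:
      enabled: yes
      filename: unified.log
  - fast:
      enabled: yes
      filename: fast.log
  - unified-log:
      enabled: no
      filename: unified.log
"""

def parse_outputs(text):
    """Parse only the 'outputs:' list layout shown above (not general YAML)."""
    outputs, in_section = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if not line.strip():
            continue
        if not line.startswith((" ", "-")):       # a top-level key starts or ends the section
            in_section = line.strip() == "outputs:"
            continue
        if not in_section:
            continue
        m = re.match(r"\s*-\s*([\w-]+):\s*$", line)   # "- fast:" opens a new output entry
        if m:
            outputs.append({"type": m.group(1)})
            continue
        m = re.match(r"\s+([\w-]+):\s*(.*)$", line)   # "key: value" belongs to the last entry
        if m and outputs:
            outputs[-1][m.group(1)] = m.group(2).strip()
    return outputs

def filename_collisions(outputs):
    """Map each filename claimed by more than one enabled output to its claimants."""
    seen = defaultdict(list)
    for idx, out in enumerate(outputs):
        name = out.get("filename")
        if out.get("enabled") == "yes" and name:  # assumption: only "yes" enables an output
            seen[name].append((idx, out["type"]))
    return {name: who for name, who in seen.items() if len(who) > 1}
```

An empty result from filename_collisions(parse_outputs(text)) means every enabled output writes to its own file.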
Updated by Jason Ish about 15 years ago
- File 0001-Use-the-configuration-file-to-setup-alert-logging-an.patch added
- File 0002-Configurable-alert-outputs-for-PF_RING-modes.patch added
- File 0003-configurable-outputs-for-nfq-and-pcap-file.patch added
Patches for all run modes.
Updated by Jason Ish about 15 years ago
- Status changed from New to Resolved
These patches are now in the master.
Updated by Will Metcalf about 15 years ago
- Status changed from Resolved to Closed