https://redmine.openinfosecfoundation.org/ 2021-10-26T11:23:34Z Open Information Security Foundation
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=21071 2021-10-26T11:23:34Z Victor Julien victor@inliniac.net
<ul><li><strong>Tracker</strong> changed from <i>Task</i> to <i>Feature</i></li></ul>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=21074 2021-10-26T12:48:58Z Jason Ish jason.ish@oisf.net
<ul></ul><p>Exim was the tool that was brought up as an example, <code>exim -bP</code> dumps the active configuration, even if the config file is empty. It does have the benefit of a very flat, <code>key=val</code> configuration file format.</p>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=21075 2021-10-26T13:12:01Z Victor Julien victor@inliniac.net
<ul></ul><p>I think postfix was another one that was brought up <a class="external" href="http://www.postfix.org/postconf.1.html">http://www.postfix.org/postconf.1.html</a></p>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=23376 2022-05-04T19:21:31Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-7 priority-4 priority-default" href="/issues/1911">Bug #1911</a>: Commandline provided configuration values don't persist after initial startup</i> added</li></ul>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=23377 2022-05-04T19:29:34Z Jason Ish jason.ish@oisf.net
<ul></ul><p>Some thoughts on getting this done.</p>
<p>- All configuration needs to exist in a single datastore.<br />- This datastore can simply be a hard-coded YAML file that provides a complete fully default configuration.<br />- There also needs to be a "configuration" factory of sorts, as we have dynamic elements to our configuration. A common example of this is outputs, you can register multiple eve outputs so we can't hard code all these into a default configuration, but we can provide a default configuration for each eve logger, provided via a factory method of sorts.<br />- There also needs to be some precedence order to solve issue <a class="issue tracker-1 status-7 priority-4 priority-default" title="Bug: Commandline provided configuration values don't persist after initial startup (In Review)" href="https://redmine.openinfosecfoundation.org/issues/1911">#1911</a> in a more generic way. Where when getting a configuration value with a prefix, the "fixed" set of vars is checked first, this makes sure stuff on the command line always takes precedence over values in the configuration file.<br />- I'd like this "central datastore" of config to be its own Rust crate that could also be used independently of Suricata for working with the configuration. We can get this pretty much for free by keeping it in mind from the start.<br />- Modules should not fall back to hard coded configuration they did not get from the main config datastore. The hardcoded value should be put into the datastore.</p>
<p>This should allow one to dump the complete default configuration, as well as a running config, which is the default configuration with the loaded configuration layered on top. With every possible configurable value in the output.</p>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=23782 2022-06-13T19:38:09Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>Jason Ish</i></li></ul><p>I now have a draft PR with some work towards this issue. Specifically the comment here: <a class="external" href="https://github.com/OISF/suricata/pull/7528#issuecomment-1154352418">https://github.com/OISF/suricata/pull/7528#issuecomment-1154352418</a></p>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=27155 2023-03-24T16:56:52Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-5 status-5 priority-5 priority-high3 closed" href="/issues/5939">Task #5939</a>: config: deprecate multiple "include" statements at the same level</i> added</li></ul>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=31591 2023-12-14T14:56:29Z Victor Julien victor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-2 priority-4 priority-default" href="/issues/1993">Feature #1993</a>: commandline: introduce --enable-all-outputs switch</i> added</li></ul>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=31593 2023-12-14T14:56:45Z Victor Julien victor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-2 priority-3 priority-lowest" href="/issues/3636">Feature #3636</a>: eve: configuration options to enable all, none or just a default set of outputs</i> added</li></ul>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=31594 2023-12-14T14:58:08Z Victor Julien victor@inliniac.net
<ul></ul><p>I've added relations to <a class="issue tracker-2 status-2 priority-4 priority-default" title="Feature: commandline: introduce --enable-all-outputs switch (Assigned)" href="https://redmine.openinfosecfoundation.org/issues/1993">#1993</a> and <a class="issue tracker-2 status-2 priority-3 priority-lowest" title="Feature: eve: configuration options to enable all, none or just a default set of outputs (Assigned)" href="https://redmine.openinfosecfoundation.org/issues/3636">#3636</a> as I think these would be much simpler to implement if built-in defaults would be "hard coded" yaml files. Enable all outputs would then just mean we select a different hard coded built-in default for outputs. Make sense?</p>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=32447 2024-02-08T17:00:40Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-4 priority-default child" href="/issues/4781">Feature #4781</a>: config: add command to dump built-in config defaults</i> added</li></ul>
Suricata - Feature #4782: config: add command to dump all active settings https://redmine.openinfosecfoundation.org/issues/4782?journal_id=32451 2024-02-08T17:01:17Z Jason Ish jason.ish@oisf.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-5 status-2 priority-4 priority-default child" href="/issues/4762">Task #4762</a>: Suricon 2021 brainstorm</i> added</li></ul>