Project

General

Profile

Actions
Copy link

Task #7494

open

log: Suricata log level should be "error" when testing Suricata configuration

Added by Jason Ish 6 days ago. Updated 6 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Jason Ish
Target version:
1.3.5
Effort:
Difficulty:
Label:

Description

Currently when testing the Suricata configuration the Suricata log level is set to "warning". This results with a warning message even if "-q" is provided to Suricata-Update and can cause noise when running from cron, or using output to signify an error. For example, the following can be see currently:

15/1/2025 -- 09:36:30 - <Warning> -- rule 3321277: ja3.hash should not be used together with nocase, since the rule is automatically lowercased anyway which makes nocase redundant.

which can fill cron email boxes with non-critical errors.

Ideally only fatal errors that cause Suricata to fail the reload should emit anything when -q is used.

Actions
Copy link
 #1

Updated by Jason Ish 6 days ago

  • Status changed from Assigned to In Progress
Actions
Copy link

Also available in: Atom PDF