Bug #4330
Updated by Jason Ish about 2 months ago
<pre>
/opt/suritest/bin/suricata --dump-config |grep shanani
outputs.1.eve-log.types.4.files.force-hash.0 = shananigans
/opt/suritest/bin/suricata -S /dev/null -l logs/ --runmode=autofp -T
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1616) <Info> (ParseCommandLine) -- Running suricata under test mode
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1060) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (6bfc5afa2 2021-02-13) running in SYSTEM mode
[2744673] 16/2/2021 -- 11:33:21 - (decode-erspan.c:55) <Warning> (DecodeERSPANConfig) -- [ERRCODE: SC_WARN_ERSPAN_CONFIG(329)] - ERSPAN Type I is no longer configurable and it is always enabled; ignoring configuration setting.
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:2775) <Notice> (SuricataMain) -- Configuration provided was successfully loaded. Exiting.
</pre>
Note that this is likely not an issue in the @--dump-config@ command, but rather that the file logger @force-hash@ configuration accepts unknown values, for example:
<pre>
- files:
    force-magic: no   # force logging magic on all logged files
    # force logging of checksums, available hash functions are md5,
    # sha1 and sha256
    force-hash: [shanani]
</pre>
does not result in a startup error with @suricata -c /my/suricata.yaml -T@.
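
Since @-T@ does not reject these values, a separate check over the @--dump-config@ output can catch them before deployment. The following is an added example, not part of the original comment or of Suricata itself: the function names @check_force_hash@ and @sample_dump@ are hypothetical, the allowed set is taken from the config comment above, and exact lowercase matching of the hash names is an assumption.

```shell
#!/bin/sh
# Added example: lint `suricata --dump-config` output for force-hash values
# outside the set named in the suricata.yaml comment (md5, sha1, sha256).

# check_force_hash: reads dump-config text on stdin, prints one line per
# offending entry, and returns 1 if any was found (0 otherwise).
check_force_hash() {
    awk '
        # Key shape as in the dump above: <path>.force-hash.<index> = <value>
        # (the index is treated as optional; that is an assumption).
        /\.force-hash(\.[0-9]+)? = / {
            key = $1
            value = $0
            sub(/^[^=]*= */, "", value)   # keep only the text after "= "
            # Assumption: names are compared exactly as the comment spells them.
            if (value != "md5" && value != "sha1" && value != "sha256") {
                printf "invalid force-hash value: %s = %s\n", key, value
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# sample_dump: constructed input. The force-hash.0 line is the one shown in
# the report; the other two lines are made up for the demonstration.
sample_dump() {
    cat <<'EOF'
outputs.1.eve-log.types.4.files.force-magic = no
outputs.1.eve-log.types.4.files.force-hash.0 = shananigans
outputs.1.eve-log.types.4.files.force-hash.1 = sha256
EOF
}

# Demonstration on the constructed input. Against a real installation:
#   suricata -c /my/suricata.yaml --dump-config | check_force_hash
sample_dump | check_force_hash || echo "force-hash check failed"
```
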