[Oisf-users] suricata.yaml
Victor Julien
victor at inliniac.net
Thu Oct 7 11:10:49 UTC 2010
mex wrote:
> Hi there,
>
> did not found much info on that,
> but is it possible to have includes in
> suricata.yaml?
>
> i'd like to have the single conf divided
> into different parts, esp. the rules - definitions
> excluded. i do this with snort.conf in the following
> way (inspired by the way debian splits up
> apache-config)
>
> snort.conf
>
> decoder.conf
> preprocessor.conf
> rules.conf
> threshold.conf
> output.conf
> snort_vars.conf
No, this is not possible with an "include"-like keyword.
You can point to your thresholding config using:
threshold-file: /etc/suricata/threshold.config
To the classification file using:
classification-file: /etc/suricata/classification.config
To rule files using:
rule-files:
- attack-responses.rules
>From the rule files only rules will be loaded. All other content is ignored.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list