[Oisf-users] suricata.yaml

Anoop Saldanha poonaatsoc at gmail.com
Fri Oct 8 17:40:07 UTC 2010


On Thu, Oct 7, 2010 at 4:40 PM, Victor Julien <victor at inliniac.net> wrote:

> mex wrote:
> > Hi there,
> >
> > did not find much info on that,
> > but is it possible to have includes in
> > suricata.yaml?
> >
> > I'd like to have the single conf divided
> > into different parts, esp. the rules - definitions
> > excluded. I do this with snort.conf in the following
> > way (inspired by the way debian splits up
> > apache-config)
> >
> > snort.conf
> >
> >   decoder.conf
> >   preprocessor.conf
> >   rules.conf
> >   threshold.conf
> >   output.conf
> >   snort_vars.conf
>
> No, this is not possible with an "include"-like keyword.
>
> You can point to your thresholding config using:
> threshold-file: /etc/suricata/threshold.config
>
> To the classification file using:
> classification-file: /etc/suricata/classification.config
>
> To rule files using:
>
> rule-files:
>  - attack-responses.rules
>
> From the rule files only rules will be loaded. All other content is
> ignored.
>
> Cheers,
> Victor
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------

Come to think of it, maybe it should be supported? It certainly makes it
easier for people who like to split their conf file.

-- 
Regards,
Anoop Saldanha