[Oisf-users] suricata.yaml
mex
mail at mare-system.de
Mon Oct 11 14:34:56 UTC 2010
>>
>> Coming to think of it, maybe it should be supported? Certainly makes it
>> easier for people who like to split their conf file
>
> Adding an include was on my mental to-do list. The other thing, which
> we had discussed sometime back was having an include statement right
> inside the rule files. That way suricata.yaml could just reference
> something like master.rules, and that would then include further
> rulesets. I had a need for that at one time, but not anymore.
>
> Jason
includes, at least for the rules.conf, would be very handy, esp.
if one has to maintain many/different sensors.
i like and rely on the concept of having includes
for finetuning.
i maintain a cluster of sensors in front of webservers
that have a globally shared threshold/rules.conf and
a localrules/localthresh.conf for sensor-specific
adjustments.
that's easier to maintain in the long term.
regards, mex