[Oisf-users] config testing

Edward Fjellskål edwardfjellskaal at gmail.com
Mon Feb 13 09:09:07 UTC 2012


There might be a "new and improved" way to do this, but here is a
snippet from more or less how I checked it:

----8<----
....
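rm -f "${SURILOGDIR:?}"/*   # :? aborts if the variable is unset, so this can never become "rm /*"
"$ENGINE" --runmode single -c "$SURIYAML" -r "$TESTPCAP"
# Count the error lines the engine logged during the test run
ERRORS=$(grep -c "ERRCODE:" "$SURILOGDIR/suricata.log")
if [ "$ERRORS" != 0 ]; then
   # Show the offending lines and fail the check
   grep "ERRCODE:" "$SURILOGDIR/suricata.log"
   exit 1
fi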
....
----8<----


E



On Sun, Feb 12, 2012 at 8:23 PM, toasty <toastyguy at gmail.com> wrote:
> Hi, has anyone come across a way to validate a [suricata.yaml] config
> kind of like how snort had the -T option? Tried looking around for
> this some, and while there might be something in the unit tests,
> figured asking might be quicker than going through them all...
>
> ...use-case I have in mind is for when doing automated updates, and
> wanting to test that a new ruleset won't result in just killing the
> sensor (would rather have it tell me that it was not going to work).
>
> Thanks!
>
>
> --james



-- 
Edward Bjarte Fjellskål
Senior Security Analyst
http://www.gamelinux.org/
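
Added example, not part of the original post and not Edward's script: the same ERRCODE check wrapped as a gate for the automated-update case in the question, so a candidate ruleset replaces the live one only after a clean test run, and a missing log counts as a failure rather than as zero errors. The function names, the argument order, the file names in the usage comment and the treatment of an empty log are assumptions.

```sh
#!/bin/sh
# Added example. count_errcodes and promote_if_clean are hypothetical helper
# names, not part of Suricata.

# Print the number of "ERRCODE:" lines in a Suricata log.
# Returns 2 if the log is missing or empty: "no log" is not "no errors".
count_errcodes() {
    log=$1
    if [ ! -s "$log" ]; then
        echo "no usable log at $log" >&2
        return 2
    fi
    # grep -c exits 1 when the count is 0; that is not a failure here.
    grep -c "ERRCODE:" "$log" || true
}

# Install the candidate rules over the live file only if the test run was clean.
# $1 = engine exit status, $2 = log file, $3 = candidate rules, $4 = live rules
promote_if_clean() {
    status=$1 log=$2 candidate=$3 live=$4
    if [ "$status" -ne 0 ]; then
        echo "engine exited with status $status; keeping $live" >&2
        return 1
    fi
    errors=$(count_errcodes "$log") || return 1
    if [ "$errors" -ne 0 ]; then
        grep "ERRCODE:" "$log" >&2
        echo "$errors error line(s); keeping $live" >&2
        return 1
    fi
    # Copy next to the live file, then rename, so the sensor never reads
    # a half-written ruleset.
    cp "$candidate" "$live.new" && mv "$live.new" "$live"
}

# Usage with the variables from the post (candidate.rules and live.rules
# are placeholder file names):
#   "$ENGINE" --runmode single -c "$SURIYAML" -r "$TESTPCAP"
#   promote_if_clean $? "$SURILOGDIR/suricata.log" candidate.rules live.rules
```
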


