[Oisf-users] config testing

Edward Fjellskål edwardfjellskaal at gmail.com
Mon Feb 13 09:09:07 UTC 2012

There might be a "new and improved" way to do this, but here is a
snippet from more or less how I checked it:

$ENGINE --runmode single -c $SURIYAML -r $TESTPCAP
ERRORS=`grep "ERRCODE:" $SURILOGDIR/suricata.log | wc -l`
if [ $ERRORS != 0 ]; then
   grep "ERRCODE:" $SURILOGDIR/suricata.log
   exit 1


On Sun, Feb 12, 2012 at 8:23 PM, toasty <toastyguy at gmail.com> wrote:
> Hi, has anyone come across a way to validate a [suricata.yaml] config
> kind of like how snort had the -T option? Tried looking around for
> this some, and while there might be something in the unit tests,
> figured asking might quicker than going through them all...
> ...use-case I have in mind is for when doing automated updates, and
> wanting to test that a new ruleset won't result in just killing the
> sensor (would rather have it tell me that it was not going to work).
> Thanks!
> --james
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Edward Bjarte Fjellskål
Senior Security Analyst

More information about the Oisf-users mailing list