[Oisf-users] config testing

toasty toastyguy at gmail.com
Tue Feb 14 00:13:10 UTC 2012


E,
    Thanks - I think using a basic pcap pretty well does what I was hoping!

--james

On Mon, Feb 13, 2012 at 9:09 AM, Edward Fjellskål
<edwardfjellskaal at gmail.com> wrote:
> There might be a "new and improved" way to do this, but here is a
> snippet from more or less how I checked it:
>
> ----8<----
> ....
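> # ${VAR:?} aborts if SURILOGDIR is unset or empty, so this can never expand to "rm /*"
> rm "${SURILOGDIR:?}"/*
> "$ENGINE" --runmode single -c "$SURIYAML" -r "$TESTPCAP"
> # count the ERRCODE lines the engine logged while loading the config and rules
> ERRORS=`grep "ERRCODE:" "$SURILOGDIR/suricata.log" | wc -l`
> if [ $ERRORS != 0 ]; then
>   grep "ERRCODE:" "$SURILOGDIR/suricata.log"
>   exit 1
> fi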
> ....
> ----8<----
>
>
> E
>
>
>
> On Sun, Feb 12, 2012 at 8:23 PM, toasty <toastyguy at gmail.com> wrote:
>> Hi, has anyone come across a way to validate a [suricata.yaml] config
>> kind of like how snort had the -T option? Tried looking around for
>> this some, and while there might be something in the unit tests,
>> figured asking might be quicker than going through them all...
>>
>> ...use-case I have in mind is for when doing automated updates, and
>> wanting to test that a new ruleset won't result in just killing the
>> sensor (would rather have it tell me that it was not going to work).
>>
>> Thanks!
>>
>>
>> --james
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
>
> --
> Edward Bjarte Fjellskål
> Senior Security Analyst
> http://www.gamelinux.org/



-- 
--james
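
The check from the quoted snippet, wrapped as a gate for the automated-update use case, as an added example that is not part of the original thread or Suricata's own tooling. It goes beyond the snippet by logging to a scratch directory with `-l` instead of clearing the live log directory and by also failing when the engine exits non-zero; the function names and sample log lines are constructed, and it assumes the YAML writes its file log as suricata.log.

```shell
#!/bin/sh
# Added example: pcap-replay gate for a candidate Suricata config/ruleset.
# Function names are hypothetical; sample log lines are constructed.

# Print every ERRCODE line in a suricata.log; succeed only if there are none.
check_suricata_log() {
    log=$1
    [ -r "$log" ] || { echo "no readable log at $log" >&2; return 2; }
    if grep "ERRCODE:" "$log"; then
        return 1
    fi
    return 0
}

# Replay a pcap through the engine with the candidate YAML. Logs go to a
# scratch directory (-l), so the live sensor's log directory is untouched.
# Assumes the YAML enables the file log under the name suricata.log.
test_suricata_config() {
    engine=$1; yaml=$2; pcap=$3
    scratch=$(mktemp -d) || return 2
    rc=0
    "$engine" --runmode single -c "$yaml" -r "$pcap" -l "$scratch" \
        >/dev/null 2>&1 || rc=3            # engine exited non-zero
    check_suricata_log "$scratch/suricata.log" || rc=$?
    rm -rf "$scratch"
    return "$rc"
}

# Run the log check over two constructed lines (not real sensor output).
sample_log_check() {
    f=$(mktemp) || return 2
    printf '%s\n' \
        '13/2/2012 -- 09:09:01 - <Info> - 2 rule files processed' \
        '13/2/2012 -- 09:09:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature' \
        > "$f"
    rc=0
    check_suricata_log "$f" >/dev/null || rc=$?
    rm -f "$f"
    return "$rc"
}

# Typical use in an update job (paths are placeholders):
#   test_suricata_config /usr/bin/suricata /tmp/new/suricata.yaml test.pcap \
#       || { echo "candidate config rejected" >&2; exit 1; }
```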


