[Oisf-users] config testing

Victor Julien victor at inliniac.net
Tue Feb 14 08:44:17 UTC 2012


You can add the --init-errors-fatal option as well. Still requires you
to pass the pcap though.

Cheers,
Victor

On 02/14/2012 01:13 AM, toasty wrote:
> E,
>     Thanks - I think using a basic pcap pretty well does what I was hoping!
> 
> --james
> 
> On Mon, Feb 13, 2012 at 9:09 AM, Edward Fjellskål
> <edwardfjellskaal at gmail.com> wrote:
>> There might be a "new and improved" way to do this, but here is a
>> snippet from more or less how I checked it:
>>
>> ----8<----
>> ....
>> # abort if SURILOGDIR is unset, so this never expands to "rm /*"
>> rm "${SURILOGDIR:?}"/*
>> $ENGINE --runmode single -c "$SURIYAML" -r "$TESTPCAP"
>> ERRORS=`grep -c "ERRCODE:" "$SURILOGDIR/suricata.log"`
>> if [ "$ERRORS" != 0 ]; then
>>   grep "ERRCODE:" "$SURILOGDIR/suricata.log"
>>   exit 1
>> fi
>> ....
>> ----8<----
>>
>>
>> E
>>
>>
>>
>> On Sun, Feb 12, 2012 at 8:23 PM, toasty <toastyguy at gmail.com> wrote:
>>> Hi, has anyone come across a way to validate a [suricata.yaml] config
>>> kind of like how snort had the -T option? Tried looking around for
>>> this some, and while there might be something in the unit tests,
>>> figured asking might be quicker than going through them all...
>>>
>>> ...use-case I have in mind is for when doing automated updates, and
>>> wanting to test that a new ruleset won't result in just killing the
>>> sensor (would rather have it tell me that it was not going to work).
>>>
>>> Thanks!
>>>
>>>
>>> --james
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>>
>>
>> --
>> Edward Bjarte Fjellskål
>> Senior Security Analyst
>> http://www.gamelinux.org/
> 
> 
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
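
An added example (not code from this thread or from the Suricata project): the log check from the quoted snippet combined with the --init-errors-fatal option, wrapped as a function that an automated rule update can call before it restarts the sensor. The function name, the scratch log directory passed with -l, and the capture of console output are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate a rule/config update on a clean Suricata start-up.
# Usage: validate_suricata_config ENGINE YAML PCAP  (returns 0 = safe to deploy)
validate_suricata_config() {
    engine=$1; yaml=$2; pcap=$3

    for f in "$yaml" "$pcap"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # Assumption: log to a scratch directory (-l) instead of wiping the
    # sensor's live log directory before each test.
    logdir=$(mktemp -d) || return 1

    # --init-errors-fatal: exit non-zero when a rule fails to load.
    # A short pcap makes the engine initialise, read it and exit.
    status=0
    "$engine" --runmode single --init-errors-fatal \
        -c "$yaml" -r "$pcap" -l "$logdir" >"$logdir/console.txt" 2>&1 ||
        status=$?

    # Look for the error marker in both the file log and the console output,
    # since which of the two is enabled depends on the YAML being tested.
    found=$(grep -h "ERRCODE:" "$logdir/suricata.log" \
        "$logdir/console.txt" 2>/dev/null) || true

    rc=0
    if [ "$status" -ne 0 ] || [ -n "$found" ]; then
        echo "config test FAILED (engine exit status $status)" >&2
        [ -z "$found" ] || printf '%s\n' "$found" >&2
        rc=1
    fi
    rm -rf "$logdir"
    return "$rc"
}
```

An update job would call it with the candidate YAML and ruleset and keep the running configuration in place whenever it returns non-zero.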



