[Oisf-users] Config options discrepancies between suricata.yaml and ConfNodeLookupChildValue() in the source.
Nikolay Denev
ndenev at gmail.com
Thu Feb 16 14:16:32 UTC 2012
Hi,
I've noticed that there are some discrepancies regarding the config options that are in the default suricata.yaml file, which
I guess most people use as a starting point to modify for their needs. For example, I've tried to set the pcap logging to use
only 10 files and rotate them, and I noticed that this didn't work. I've found that the source uses
"ConfNodeLookupChildValue(conf, "max-files");" to get the number of files, but suricata.yaml has "max_files", so this option
is not parsed.
I see other similar mixups of dashes and underscores, like:
/usr/local/etc/suricata/suricata.yaml: use_stream_depth: no #If set to "yes" packets seen after reaching stream inspection depth are ignored. "no" logs all packets
./log-pcap.c: use_stream_depth = ConfNodeLookupChildValue(conf, "use-stream-depth");
./log-pcap.c: s_dir = ConfNodeLookupChildValue(conf, "sguil-base-dir");
./log-pcap.c: s_dir = ConfNodeLookupChildValue(conf, "sguil_base_dir");
ts-format and ts_format…
I can try to prepare a patch for these when I have free time, if it's clear what should be the convention: underscore or dash.
P.S. running suricata-1.2.1 release
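
A check for the mismatch described in this message, as an added example that is not part of the original post or of Suricata's code: it collects the key names passed to ConfNodeLookupChildValue() and reports YAML keys that match one only after folding underscores to dashes. The sample source and YAML text are constructed from the lines quoted above; the variable name s_limit, the /nsm_data/ path and the line-based YAML scan are assumptions.

```python
import re

# C call sites of the form ConfNodeLookupChildValue(node, "key").
LOOKUP_RE = re.compile(r'ConfNodeLookupChildValue\s*\(\s*[^,]+,\s*"([^"]+)"\s*\)')
# "key:" at the start of a YAML line, optionally behind a list dash;
# lines starting with '#' never match.
YAML_KEY_RE = re.compile(r'^\s*(?:-\s+)?([A-Za-z0-9_-]+)\s*:')

# Constructed sample input, built from the lines quoted in the message.
SAMPLE_C = '''
s_limit = ConfNodeLookupChildValue(conf, "max-files");
use_stream_depth = ConfNodeLookupChildValue(conf, "use-stream-depth");
s_dir = ConfNodeLookupChildValue(conf, "sguil-base-dir");
s_dir = ConfNodeLookupChildValue(conf, "sguil_base_dir");
'''
SAMPLE_YAML = '''
  - pcap-log:
      enabled: yes
      max_files: 10
      use_stream_depth: no
      sguil_base_dir: /nsm_data/   # constructed value
'''

def source_keys(c_text):
    """Every key name the C source asks the config tree for."""
    return set(LOOKUP_RE.findall(c_text))

def yaml_keys(yaml_text):
    """Key names set in the YAML text (line scan, not a full YAML parse)."""
    keys = set()
    for line in yaml_text.splitlines():
        match = YAML_KEY_RE.match(line)
        if match:
            keys.add(match.group(1))
    return keys

def silently_ignored(yaml_text, c_text):
    """Map each YAML key that no lookup matches exactly, but that matches
    one after folding '_' to '-', to the spelling(s) the source expects."""
    looked_up = source_keys(c_text)
    by_folded = {}
    for key in looked_up:
        by_folded.setdefault(key.replace("_", "-"), []).append(key)
    return {key: sorted(by_folded[key.replace("_", "-")])
            for key in yaml_keys(yaml_text)
            if key not in looked_up and key.replace("_", "-") in by_folded}

if __name__ == "__main__":
    for key, wanted in sorted(silently_ignored(SAMPLE_YAML, SAMPLE_C).items()):
        print(f"{key!r} is never read; source looks up {wanted}")
```

sguil_base_dir is not reported because the sample source looks up both spellings, so either form in the YAML is read.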