[Oisf-users] Lua output: setting scripts-dir ignored

Karsten Hoffrath maillists at khoffrath.de
Wed Dec 10 10:32:54 UTC 2014


Hi all,

I'm pulling data out of Suricata via the new Lua output interface.
Currently we are running version 2.1beta2 and noticed that the setting 'scripts-dir' doesn't work as expected.

Our scripts are stored in the folder /etc/suricata/lua-output, the relevant section from suricata.yaml:

  - lua:
      enabled: yes
      scripts-dir: /etc/suricata/lua-output/
      scripts:
        - packet.lua
        - alerts.lua

If we run suricata out of any other folder (e.g. /etc/suricata) we get the following errors:

root at host01:/etc/suricata# /bin/suricata -T /etc/suricata/suricata.yaml
10/12/2014 -- 11:25:01 - <Info> - Running suricata under test mode
10/12/2014 -- 11:25:01 - <Notice> - This is Suricata version 2.1beta2 RELEASE
10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't load file: cannot open alerts.lua: No such file or directory
10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't initialize scipt
10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't load file: cannot open packet.lua: No such file or directory
10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't initialize scipt


But if we run suricata out of the folder where the Lua scripts are stored, no errors show up and the scripts work as expected:

root at host01:/etc/suricata/lua-output# /bin/suricata -T /etc/suricata/suricata.yaml
10/12/2014 -- 11:28:48 - <Info> - Running suricata under test mode
10/12/2014 -- 11:28:48 - <Notice> - This is Suricata version 2.1beta2 RELEASE


Anything else we can try, or should I raise a bug in the issue tracker?


Cheers,
Karsten


