[Oisf-users] Lua output: setting scripts-dir ignored

Victor Julien lists at inliniac.net
Wed Dec 10 10:36:32 UTC 2014 

On 12/10/2014 11:32 AM, Karsten Hoffrath wrote:
> Hi all,
> 
> i'm pulling data out of Suricata via the new Lua output interface.
> Currently we are running version 2.1beta2 and noticed that the setting 'scripts-dir' doesn't work as expected.
> 
> Our scripts are stored in the folder /etc/suricata/lua-output, the relevant section from suricata.yaml:
> 
>   - lua:
>       enabled: yes
>       scripts-dir: /etc/suricata/lua-output/
>       scripts:
>         - packet.lua
>         - alerts.lua
> 
> If we run suricata out of any other folder (e.g. /etc/suricata) we get the following errors:
> 
> root at host01:/etc/suricata# /bin/suricata -T /etc/suricata/suricata.yaml
> 10/12/2014 -- 11:25:01 - <Info> - Running suricata under test mode
> 10/12/2014 -- 11:25:01 - <Notice> - This is Suricata version 2.1beta2 RELEASE
> 10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't load file: cannot open alerts.lua: No such file or directory
> 10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't initialize scipt
> 10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't load file: cannot open packet.lua: No such file or directory
> 10/12/2014 -- 11:25:01 - <Error> - [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't initialize scipt
> 
> 
> But if we run suricata out of the folder where the Lua scripts are stored, no errors show up and the scripts work as expected:
> 
> root at host01:/etc/suricata/lua-output# /bin/suricata -T /etc/suricata/suricata.yaml
> 10/12/2014 -- 11:28:48 - <Info> - Running suricata under test mode
> 10/12/2014 -- 11:28:48 - <Notice> - This is Suricata version 2.1beta2 RELEASE
> 
> 
> Anything else we can try or should i raise a bug in the issue tracker?

scripts-dir should 'script-dir', so without the S. Will likely change
this later as I think scripts-dir makes more sense.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-users mailing list