[Oisf-users] Include a file in configuration

Jason Ish lists at unx.ca
Tue Jun 24 15:44:52 UTC 2014


On Mon, Jun 23, 2014 at 10:21 AM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> I am trying to figure out if there is a way to include a separate file in
> configuration for Suricata.
> Specifically I want to include a variable (address-groups) which is stored
> somewhere else.
>
> The goal is to allow non-admin user to modify this variable without touching
> the main config file.

Unfortunately what you want to do can't be accomplished with an
include file at this time.  It looks like you want to have a second
config file that looks like:

%YAML 1.1
---
vars:
  address-groups:
    USER_VAR: "[10.1.2.3/32]"

and have it merged into the address-groups in the main configuration
file?  At this time, subsequent nodes of the same name wipe out the
previous one, so depending on where you put your include statement,
you will end up with the vars section from the include file or the
main file, but not a merge of them.  YAML does have support for a
merge, but it's supported by Suricata at this time.

Another option is to set a variable on the command line, for example:

suricata -c suricata.yaml --set vars.address-groups.HOME_NET="[24.0.0.0/8]"

this will override the HOME_NET setting in the configuration.  Wrap
this up in a script that pulls the value in from an external file?

Hope that helps,
Jason
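
Added example, not part of the original message and not code from the Suricata project: one way to build the wrapper script suggested above, reading the value from a file the non-admin user may edit and validating it before it reaches the --set option. The file format (one value line, "#" comments), the VAR setting, the script name and the IPv4-only restriction are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: validate an address-group value from a user-editable file,
# then hand it to Suricata with --set. File format and VAR are assumptions.
VAR=HOME_NET    # variable to override, fixed by the admin, not read from the file

# Succeeds only for a bracketed, comma-separated list of IPv4 addresses or
# CIDRs, each optionally negated with "!". Deliberately stricter than what
# Suricata accepts (no IPv6, no $NAME references, no nested groups).
valid_group() {
    printf '%s\n' "$1" | awk '
        BEGIN {
            ip = "!?[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+(/[0-9]+)?"
            re = "^[[]" ip "(," ip ")*[]]$"
        }
        NR > 1 || $0 !~ re { bad = 1; exit }
        {
            gsub("[^0-9.,/]", "")          # drop the brackets and any "!"
            n = split($0, items, ",")
            for (i = 1; i <= n; i++) {
                m = split(items[i], p, "[./]")
                for (j = 1; j <= 4; j++) if (p[j] + 0 > 255) bad = 1
                if (m == 5 && p[5] + 0 > 32) bad = 1
            }
        }
        END { exit bad }'
}

# Prints the first line of file $1 that is neither blank nor a "#" comment,
# with whitespace removed; fails if that line is not a valid group.
read_group() {
    value=$(grep -Ev '^[[:space:]]*(#|$)' "$1" 2>/dev/null | head -n 1 | tr -d '[:space:]')
    valid_group "$value" || return 1
    printf '%s\n' "$value"
}

# Usage: wrapper.sh VALUE_FILE [extra suricata options]
main() {
    file=$1; shift
    group=$(read_group "$file") || {
        echo "refusing to start: invalid address group in $file" >&2
        return 1
    }
    # The value travels as one quoted argument, so it cannot add options.
    exec suricata -c suricata.yaml --set "vars.address-groups.$VAR=$group" "$@"
}

[ "$#" -eq 0 ] || main "$@"
```

Only the value file needs to be writable by the delegated user; suricata.yaml and the wrapper itself stay under admin ownership.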
