[Oisf-users] Include a file in configuration

Yasha Zislin coolyasha at hotmail.com
Tue Jun 24 18:17:07 UTC 2014


The command line option might work. Is there a limit on how long the variable can be when passed with the command line option?

Or maybe there is another solution to my original problem. This variable contains a list of IPs. My goal is to avoid any alerts for these IPs since they get blocked completely by something else but Suricata still sees this traffic. So I've created a variable and set my external net to be !home_net and !myvariable. This way traffic from these IPs is treated as home traffic and no alerts get triggered.

If there is another way of doing this exclusion, I am open to suggestions.

Thanks Jason.

> Date: Tue, 24 Jun 2014 09:44:52 -0600
> Subject: Re: [Oisf-users] Include a file in configuration
> From: lists at unx.ca
> To: coolyasha at hotmail.com
> CC: oisf-users at lists.openinfosecfoundation.org
> 
> On Mon, Jun 23, 2014 at 10:21 AM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> > I am trying to figure out if there is a way to include a separate file in
> > configuration for Suricata.
> > Specifically I want to include a variable (address-groups) which is stored
> > somewhere else.
> >
> > The goal is to allow non-admin user to modify this variable without touching
> > the main config file.
> 
> Unfortunately what you want to do can't be accomplished with an
> include file at this time.  It looks like you want to have a second
> config file that looks like:
> 
> %YAML 1.1
> ---
> vars:
>   address-groups:
>     USER_VAR: "[10.1.2.3/32]"
> 
> and have it merged into the address-groups in the main configuration
> file?  At this time, subsequent nodes of the same name wipe out the
> previous one, so depending on where you put your include statement,
> you will end up with the vars section from the include file or the
> main file, but not a merge of them.  YAML does have support for a
> merge, but it's supported by Suricata at this time.
> 
> Another option is to set a variable on the command line, for example:
> 
> suricata -c suricata.yaml --set vars.address-groups.HOME_NET="[24.0.0.0/8]"
> 
> this will override the HOME_NET setting in the configuration.  Wrap
> this up in a script that pulls the value in from an external file?
> 
> Hope that helps,
> Jason
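
The wrapper script suggested in the quoted reply, written out as an added example (not code from either poster or from the Suricata project). It assumes USER_VAR is already defined in suricata.yaml and is being overridden the way the HOME_NET example does; the list file path and the MAX_LEN cap are hypothetical. Because the list file is edited by a non-admin user, every entry is validated strictly before it reaches the command line.

```shell
#!/bin/sh
# Added example. Usage: sh this-script /path/to/list-file
# USER_VAR, the list file and MAX_LEN are assumptions, not from the thread.

MAX_LEN=${MAX_LEN:-100000}  # stays under Linux's 128 KiB cap on one argv string

# valid_entry ADDR: succeed only for dotted-quad IPv4 with optional /0-32,
# no leading zeros, nothing else on the line.
valid_entry() {
    printf '%s\n' "$1" | grep -Eq \
      '^((0|[1-9][0-9]{0,2})\.){3}(0|[1-9][0-9]{0,2})(/(0|[1-9][0-9]?))?$' || return 1
    addr=${1%/*}
    [ "$addr" = "$1" ] || [ "${1#*/}" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# build_group FILE: print "[a,b,...]" from FILE (one entry per line; blank
# lines and '#' comments ignored). Fails on the first invalid entry.
build_group() {
    list=
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" |
               sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        valid_entry "$line" || { echo "rejected entry: $line" >&2; return 1; }
        list=${list:+$list,}$line
    done < "$1"
    [ -n "$list" ] || { echo "no addresses in $1" >&2; return 1; }
    [ "${#list}" -lt "$MAX_LEN" ] || { echo "list too long" >&2; return 1; }
    printf '[%s]\n' "$list"
}

# main FILE: start Suricata with USER_VAR overridden. The quoting keeps the
# whole key=value pair a single argument.
main() {
    group=$(build_group "$1") || exit 1
    exec suricata -c suricata.yaml --set "vars.address-groups.USER_VAR=$group"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```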
 		 	   		  