[Oisf-users] trying to get file logging working on 2.0.4
Peter Manev
petermanev at gmail.com
Sun Jan 18 05:51:19 UTC 2015
On Fri, Jan 16, 2015 at 7:09 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
> On 16/01/2015, at 8:11 pm, Delta Yeh <delta.yeh at gmail.com> wrote:
>
>
>
> 2015-01-16 11:46 GMT+08:00 Russell Fulton <r.fulton at auckland.ac.nz>:
>>
>> I worked with Peter on this and then got interrupted by holiday and
>> finally got back to it today.
>>
>> It turns out to be a problem with the yaml:
>> this works:
>>   - file-store:
>>       enabled: yes # set to yes to enable
>>       log-dir: files # directory to store the files
>>       force-magic: no # force logging magic on all stored files
>>       force-md5: no # force logging of md5 checksums
>>       waldo: file.waldo # waldo file to store the file_id across runs
>>
>> this fails silently:
>>
>> - file-store:
>> enabled: yes # set to yes to enable
>> log-dir: files # directory to store the files
>> force-magic: no # force logging magic on all stored files
>> force-md5: no # force logging of md5 checksums
>> waldo: file.waldo # waldo file to store the file_id across runs
>>
>
> Same config ?
>
>
> exactly — what is different is the indenting!!!
>
>
Thank you Russell for your feedback.
I am glad we pinpointed the issue and we managed to fix it - it is a
tough one to find.
suricata --dump-config
is your friend :) when it comes to confirming loaded config settings.
--
Regards,
Peter Manev
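
As an added example (not code from this thread or from the Suricata project), the check below flags the kind of indentation slip discussed above before Suricata is started. The archive lost the original indentation, so both samples are constructed, and the function name `misindented_outputs` and the assumed failure form (option keys aligned with the output name instead of nested under it) are illustrative assumptions.

```python
import re

# Constructed samples; the thread's real indentation did not survive archiving.
GOOD = """\
outputs:
  - file-store:
      enabled: yes      # set to yes to enable
      log-dir: files    # directory to store the files
"""
BAD = """\
outputs:
  - file-store:
    enabled: yes      # set to yes to enable
    log-dir: files    # directory to store the files
"""

# A list item that opens a nested mapping, e.g. "  - file-store:"
ITEM = re.compile(r"^(\s*)-\s+([\w-]+):\s*(#.*)?$")

def misindented_outputs(text):
    """Return (output_name, line_no, key) for every key that sits at the same
    column as the '- name:' key, i.e. a sibling of it rather than its child."""
    findings = []
    current = None                      # (name, column where the name starts)
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                    # blank line or full-line comment
        m = ITEM.match(raw)
        if m:
            current = (m.group(2), m.start(2))
            continue
        if current is None:
            continue
        indent = len(raw) - len(raw.lstrip())
        if stripped.startswith("-") or indent < current[1]:
            current = None              # another list item, or we left this one
        elif indent == current[1]:
            # Same column as the output name: YAML parses this as a sibling,
            # so the output's own mapping stays empty and nothing is enabled.
            findings.append((current[0], no, stripped.split(":", 1)[0]))
    return findings

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, misindented_outputs(sample))
```

This is a text-level heuristic for one specific mistake; `suricata --dump-config` still shows what the engine actually loaded.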