[Oisf-users] trying to get file logging working on 2.0.4

Peter Manev petermanev at gmail.com
Sun Jan 18 05:51:19 UTC 2015


On Fri, Jan 16, 2015 at 7:09 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
> On 16/01/2015, at 8:11 pm, Delta Yeh <delta.yeh at gmail.com> wrote:
>
>
>
> 2015-01-16 11:46 GMT+08:00 Russell Fulton <r.fulton at auckland.ac.nz>:
>>
>> I worked with Peter on this and then got interrupted by holiday and
>> finally got back to it today.
>>
>> It turns out to be a problem with the yaml:
>> this works:
>>   - file-store:
>>       enabled: yes      # set to yes to enable
>>       log-dir: files    # directory to store the files
>>       force-magic: no   # force logging magic on all stored files
>>       force-md5: no     # force logging of md5 checksums
>>       waldo: file.waldo # waldo file to store the file_id across runs
>>
>> this fails silently:
>>
>>   - file-store:
>>     enabled: yes      # set to yes to enable
>>     log-dir: files    # directory to store the files
>>     force-magic: no   # force logging magic on all stored files
>>     force-md5: no     # force logging of md5 checksums
>>     waldo: file.waldo # waldo file to store the file_id across runs
>>
>
>  Same config ?
>
>
> exactly — what is different is the indenting!!!
>
>

Thank you, Russell, for your feedback.
I am glad we pinpointed the issue and we managed to fix it - it is a
tough one to find.
suricata --dump-config
is your friend :) when it comes to confirming loaded config settings.




-- 
Regards,
Peter Manev
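
An added example, not part of the original thread and not Suricata code: a stdlib-only Python check for the indentation mistake described above, where the options under `- file-store:` sit at the key's own column and so parse as siblings of an empty `file-store` instead of its children. The function name and the two sample configs (including the enclosing `outputs:` key) are constructed for illustration.

```python
import re
import sys

# A sequence item whose key has no inline value, e.g. "  - file-store:"
ITEM_KEY = re.compile(r"^(\s*)-(\s+)([\w.-]+):\s*(#.*)?$")

# Constructed samples mirroring the two forms quoted in the thread.
GOOD = """outputs:
  - file-store:
      enabled: yes
      log-dir: files
"""
BAD = """outputs:
  - file-store:
    enabled: yes
    log-dir: files
"""


def find_empty_list_item_keys(yaml_text):
    """Return (line_no, key) for each '- key:' whose following options are
    indented to the key's own column. YAML then treats them as sibling keys
    and the named key ends up with a null value."""
    lines = yaml_text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = ITEM_KEY.match(line)
        if not m:
            continue
        # Column where the key starts: leading spaces + '-' + spaces after it.
        key_col = len(m.group(1)) + 1 + len(m.group(2))
        # Inspect the next line that is neither blank nor a pure comment.
        for nxt in lines[i + 1:]:
            stripped = nxt.strip()
            if not stripped or stripped.startswith("#"):
                continue
            indent = len(nxt) - len(nxt.lstrip(" "))
            # A '- item' at this column is a valid sequence value, so skip it.
            if indent == key_col and not stripped.startswith("-"):
                findings.append((i + 1, m.group(3)))
            break
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:
        for line_no, key in find_empty_list_item_keys(fh.read()):
            print(f"line {line_no}: options under '{key}' are not nested beneath it")
```
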


