[Oisf-users] classifications/references/rules directly in suricata.yaml
Victor Julien
lists at inliniac.net
Mon Mar 21 12:32:43 UTC 2016
On 21-03-16 13:19, elof2 at sentor.se wrote:
> What is the syntax if I want to put classifications/references/rules
> directly in the suricata.yaml file?
>
> Example:
> If I comment out the reference-config-file and add references manually,
> using the same syntax as in the file, suricata won't start.
>
> #reference-config-file: /usr/local/etc/suricata/reference.config
> config reference: bugtraq http://www.securityfocus.com/bid/
> config reference: bid http://www.securityfocus.com/bid/
> config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=
> ...etc...
>
>
> Configuration node 'config reference' redefined.
> SC_ERR_CONF_YAML_ERRORESC - Failed to parse configuration file at line
> 1222: mapping values are not allowed in this context
>
>
>
> So what should the yaml look like when adding classifications,
> references or rules directly in suricata.yaml?
You can't.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list