[Oisf-users] YAML Includes Question

Peter Manev petermanev at gmail.com
Tue Oct 16 07:19:57 UTC 2018


On Tue, Oct 9, 2018 at 9:20 PM Cloherty, Sean E <scloherty at mitre.org> wrote:
>
> Hi Peter –
>
> Sorry for the late reply - I forgot to follow up on this.
>
> It turned out that I had not been putting the files in the right path and then I moved the file and the filename was one character off.
>

Glad it is sorted out!

>
> Thanks,
>
> Sean
>
> From: Peter Manev <petermanev at gmail.com>
> Sent: Sunday, September 23, 2018 11:42 AM
> To: Cloherty, Sean E <scloherty at mitre.org>
> Cc: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] YAML Includes Question
>
> On 21 Sep 2018, at 22:47, Cloherty, Sean E <scloherty at mitre.org> wrote:
>
> Hi –
>
> I hope someone else has been using this feature and can lend me some advice.  I tried to break out some sections of the Suricata.yaml file and had no luck. I wanted to have the network and port variables in a separate file.  Networks change and it would be nice to just push out a new vars section by script to all my servers.
>
> I copied everything from “vars:” up to the next section and put that into its own file vars.yaml.  In suricata.yaml I put in vars: include vars.yaml in the place it had been.  That failed.
>
> Can you please share that conf file (and the errs it subsequently generates) - I can try to help out.
>
> Feel free to share privately or mask out the networks - either way it’s good for me.
>
> I’ve also tried vars: !include vars.yaml – that was in the docs, but I wasn’t clear what was being negated or why.  Either way, when I fire up Suricata (4.05) it gives all kinds of errors due to the vars not being defined.
>
> Does the included file following the vars: head need to have the same vars: heading in it?  Does the full path need to be part of the include statement?
>
> Sean Cloherty
> Lead InfoSec Engineer/Scientist
> MITRE Corporation
> office (781) 271-3707
> cell      (781) 697-8043



-- 
Regards,
Peter Manev
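
Added example, not part of the original thread and not Suricata project code: a pre-deployment check for the failure described above (an include target in the wrong path, or with a filename one character off). It assumes relative include names resolve against the directory of the main configuration file; the function names and the sample configuration are constructed for illustration.

```python
import difflib
import os
import re

# Matches both forms: a top-level "include: file.yaml" and an in-place
# "key: !include file.yaml".
INCLUDE_RE = re.compile(r'^\s*(?:include:|[\w-]+:\s*!include)\s+["\']?([^"\'#\s]+)')

def find_includes(yaml_text):
    """Return the file names referenced by include directives, in order."""
    names = []
    for line in yaml_text.splitlines():
        if line.lstrip().startswith("#"):  # skip commented-out directives
            continue
        m = INCLUDE_RE.match(line)
        if m:
            names.append(m.group(1))
    return names

def check_includes(conf_path):
    """Return (name, resolved_path, suggestion) for each include that is missing.

    Assumption: relative names are resolved against the directory that
    holds the main configuration file.
    """
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    with open(conf_path, encoding="utf-8") as fh:
        names = find_includes(fh.read())
    problems = []
    for name in names:
        path = name if os.path.isabs(name) else os.path.join(conf_dir, name)
        if os.path.isfile(path):
            continue
        # Look for a near-miss file name in the directory that was searched.
        parent = os.path.dirname(path)
        present = os.listdir(parent) if os.path.isdir(parent) else []
        close = difflib.get_close_matches(os.path.basename(path), present, n=1, cutoff=0.8)
        problems.append((name, path, close[0] if close else None))
    return problems

# Constructed sample, not the poster's configuration.
SAMPLE_CONF = """%YAML 1.1
---
vars: !include vars.yaml
# include: disabled.yaml
include: extra.yaml
"""

if __name__ == "__main__":
    print(find_includes(SAMPLE_CONF))
```

Running `check_includes()` on each server after a scripted push of the vars file flags a missing or misnamed include before Suricata is restarted.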

