[Oisf-users] YAML Includes Question
Cloherty, Sean E
scloherty at mitre.org
Fri Sep 21 20:47:56 UTC 2018
Hi -
I hope someone else has been using this feature and can lend me some advice. I tried to break out some sections of the Suricata.yaml file and had no luck. I wanted to have the network and port variables in a separate file. Networks change and it would be nice to just push out a new vars section by script all my servers.
I copied everything from "vars:" up to the next section and put that into its own file vars.yaml. In suricata.yaml I put in vars: include vars.yaml in the place it had been. That failed.
I've also tried vars: !include vars.yaml - that was in the docs, but I wasn't clear what was being negated or why. Either way, when I fire up Suricata (4.05) it gives all kinds of errors due to the vars not being defined.
Does the included file following the vars: head need to have the same vars: heading in it ? Does the full path need to be part of the include statement?
Sean Cloherty
Lead InfoSec Engineer/Scientist
MITRE Corporation
office (781) 271-3707
cell (781) 697-8043
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180921/4d8bad23/attachment.html>
More information about the Oisf-users
mailing list