[Oisf-users] YAML Includes Question

Cloherty, Sean E scloherty at mitre.org
Fri Sep 21 20:47:56 UTC 2018

Hi -

I hope someone else has been using this feature and can lend me some advice. I tried to break out some sections of the Suricata.yaml file and had no luck. I wanted to have the network and port variables in a separate file. Networks change and it would be nice to just push out a new vars section by script to all my servers.

I copied everything from "vars:" up to the next section and put that into its own file vars.yaml.  In suricata.yaml I put in vars: include vars.yaml in the place it had been.  That failed.

I've also tried vars: !include vars.yaml - that was in the docs, but I wasn't clear what was being negated or why.  Either way, when I fire up Suricata (4.05) it gives all kinds of errors due to the vars not being defined.

Does the included file following the vars: head need to have the same vars: heading in it? Does the full path need to be part of the include statement?

Sean Cloherty
Lead InfoSec Engineer/Scientist
MITRE Corporation
office (781) 271-3707
cell      (781) 697-8043
