Feature #1520
Closed
multitenancy - verbose output clarity
Effort:
Difficulty:
Label: Beginner
Description
Using Suricata version 2.1dev (rev 834c366) and multitenancy.
If and when in verbose mode (-v), it is not easy to understand which tenant has loaded which rules. For example:
[3110] 26/7/2015 -- 19:55:44 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 0
[3110] 26/7/2015 -- 19:55:44 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled
[3110] 26/7/2015 -- 19:55:44 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/botcc.rules
[3111] 26/7/2015 -- 19:55:44 - (detect-engine.c:1810) <Info> (DetectLoaderFuncLoadTenant) -- loader 1
[3111] 26/7/2015 -- 19:55:44 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled
[3111] 26/7/2015 -- 19:55:44 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/botcc.rules
[3110] 26/7/2015 -- 19:55:44 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/ciarmy.rules
...
...
[3111] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules
[3111] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/app-layer-events.rules
[3111] 26/7/2015 -- 19:55:48 - (detect.c:520) <Info> (SigLoadSignatures) -- 49 rule files processed. 16658 rules successfully loaded, 0 rules failed
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/decoder-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/stream-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/http-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/smtp-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dns-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tls-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:411) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/app-layer-events.rules
[3110] 26/7/2015 -- 19:55:48 - (detect.c:520) <Info> (SigLoadSignatures) -- 49 rule files processed. 16658 rules successfully loaded, 0 rules failed
[3111] 26/7/2015 -- 19:55:48 - (detect.c:2975) <Info> (SigAddressPrepareStage1) -- 16666 signatures processed. 989 are IP-only rules, 6019 are inspecting packet payload, 12446 inspect application layer, 72 are decoder event only
[3111] 26/7/2015 -- 19:55:48 - (detect.c:2978) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
[3110] 26/7/2015 -- 19:55:48 - (detect.c:2975) <Info> (SigAddressPrepareStage1) -- 16666 signatures processed. 989 are IP-only rules, 6019 are inspecting packet payload, 12446 inspect application layer, 72 are decoder event only
[3110] 26/7/2015 -- 19:55:48 - (detect.c:2978) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
Updated by Andreas Herz almost 9 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien about 1 year ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jeff Lucovsky
- Target version changed from TBD to 8.0.0-beta1
Updated by Jeff Lucovsky about 1 year ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky 12 months ago
- Status changed from In Review to Closed