Optimization #3406

closed

filestore rules are loaded without warning when filestore is not enabled

Added by Peter Manev about 5 years ago. Updated almost 5 years ago.

Status: Closed
Priority: Normal

Description

Not sure what is best - a warning, or handling it similarly to https://redmine.openinfosecfoundation.org/issues/3204.

pevma@DonPedro:~/Work/Suricata/QA/tmp$ cat test-fs.rules 
alert http any any -> any any (msg:"test http filestore"; file.name; content:".exe"; filestore; sid:10; rev:1;)

pevma@DonPedro:~/Work/Suricata/QA/tmp$ sudo /opt/suritest/bin/suricata -T -S test-fs.rules 
[1305249] 11/12/2019 -- 12:18:49 - (suricata.c:1905) <Info> (ParseCommandLine) -- Running suricata under test mode
[1305249] 11/12/2019 -- 12:18:49 - (suricata.c:1083) <Notice> (LogVersion) -- This is Suricata version 5.0.1-dev (eceb7dcba 2019-12-10) running in SYSTEM mode
[1305249] 11/12/2019 -- 12:18:50 - (suricata.c:3060) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.

pevma@DonPedro:~/Work/Suricata/QA/tmp$ sudo /opt/suritest/bin/suricata --dump-config |grep store
outputs.5 = tls-store
outputs.5.tls-store = (null)
outputs.5.tls-store.enabled = no
outputs.12 = file-store
outputs.12.file-store = (null)
outputs.12.file-store.version = 2
outputs.12.file-store.enabled = no
outputs.12.file-store.xff = (null)
outputs.12.file-store.xff.enabled = no
outputs.12.file-store.xff.mode = extra-data
outputs.12.file-store.xff.deployment = reverse
outputs.12.file-store.xff.header = X-Forwarded-For
outputs.13 = file-store
outputs.13.file-store = (null)
outputs.13.file-store.enabled = no
pevma@DonPedro:~/Work/Suricata/QA/tmp$ 
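
A pre-flight check for the gap reported above, as an added example that is not part of the original report or of Suricata's code: it lists the SIDs of rules that use the `filestore` keyword when no `file-store` output is enabled in `--dump-config` output. The function names are hypothetical, and the sample inputs are constructed from the rule and config lines in the report.

```python
import re

# Constructed samples, taken from the rule and --dump-config lines in the report.
SAMPLE_RULES = r'''alert http any any -> any any (msg:"test http filestore"; file.name; content:".exe"; filestore; sid:10; rev:1;)'''
SAMPLE_DUMP = """outputs.5.tls-store.enabled = no
outputs.12.file-store.version = 2
outputs.12.file-store.enabled = no
outputs.13.file-store.enabled = no"""

ENABLED = re.compile(r"^outputs\.\d+\.file-store\.enabled\s*=\s*(\S+)")

def filestore_enabled(dump_config):
    """True if any file-store output is switched on in `suricata --dump-config` text."""
    for line in dump_config.splitlines():
        m = ENABLED.match(line.strip())
        # Suricata treats 1/yes/true/on as boolean true.
        if m and m.group(1).lower() in ("1", "yes", "true", "on"):
            return True
    return False

def rule_options(rule):
    """Split the (...) option body on ';' outside quotes, honouring backslash escapes."""
    start, end = rule.find("("), rule.rfind(")")
    opts, cur, quoted, esc = [], "", False, False
    for ch in (rule[start + 1:end] if 0 <= start < end else ""):
        if ch == ";" and not quoted and not esc:
            opts.append(cur.strip())
            cur = ""
            continue
        if ch == '"' and not esc:
            quoted = not quoted
        esc = (ch == "\\") and not esc
        cur += ch
    return [o for o in opts if o]

def unstored_filestore_sids(rules_text, dump_config):
    """SIDs of active rules using the filestore keyword while file-store is disabled."""
    if filestore_enabled(dump_config):
        return []
    sids = []
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or commented-out rule
        opts = dict((n.strip(), v.strip()) for n, _, v in
                    (o.partition(":") for o in rule_options(line)))
        if "filestore" in opts:  # keyword match, not a substring of msg/content
            sids.append(opts.get("sid", "?"))
    return sids

if __name__ == "__main__":
    print(unstored_filestore_sids(SAMPLE_RULES, SAMPLE_DUMP))
```

The option splitter matters here because the sample rule's `msg` also contains the word "filestore", so a plain substring search over the rules file would report rules that never use the keyword.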
