aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc/userguide: document include files

Browse Source 
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
pull/8945/head
Jason Ish 2 years ago committed by Victor Julien
parent a71dee5516
commit 5af73b3879
3 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File

56
doc/userguide/configuration/includes.rst
Unescape Escape View File

@ -0,0 +1,56 @@
.. _includes:
Includes
========
A Suricata configuration file (typically
``/etc/suricata/suricata.yaml``) may include other files allowing a
configuration file to be broken into multiple files. The *special*
field name ``include`` is used to include one or more files.
The contents of the *include* file are inlined at the level of the
``include`` statement. *Include* fields may also be included at any
level within a mapping.
Including a Single File
-----------------------
::
include: filename.yaml
Including Multiple Files
------------------------
::
include:
- filename1.yaml
- filename2.yaml
Include Inside a Mapping
------------------------
::
vars:
address-groups:
include: address-groups.yaml
where ``address-groups.yaml`` contains::
%YAML 1.1
---
HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
is the equivalent of::
vars:
address-groups:
HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
.. note:: Suricata versions less than 7 required multiple ``include``
statements to be specified to include more than one file. While
Suricata 7.0 still supports this it will issue a deprecation
warning. Suricata 8.0 will not allow multiple ``include``
statements at the same level as this is not allowed by YAML.

1
doc/userguide/configuration/index.rst
Unescape Escape View File

@ -11,3 +11,4 @@ Configuration
dropping-privileges dropping-privileges
landlock landlock
systemd-notify systemd-notify
includes

6
doc/userguide/upgrade.rst
Unescape Escape View File

@ -61,6 +61,12 @@ Logging changes
in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values. in the values ``proto`` in ``eve.json`` log entries and other logs containing protocol names and values.
See https://redmine.openinfosecfoundation.org/issues/4267 for more information. See https://redmine.openinfosecfoundation.org/issues/4267 for more information.
Deprecations
~~~~~~~~~~~~
- Multiple "include" fields in the configuration file will now issue a
warning and in Suricata 8.0 will not be supported. See
:ref:`includes` for documentation on including multiple files.
Other changes Other changes
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
- NSS is no longer required. File hashing and JA3 can now be used without the NSS compile time dependency. - NSS is no longer required. File hashing and JA3 can now be used without the NSS compile time dependency.

Write Preview
Loading…
Cancel
Save