Allow user to log detailed rule report #301
Conversation
Add a `--report <filename>` option so that the end user is able to log a report about the rules enabled, disabled, modified and dropped. Usage ``` $ ./bin/suricata-update --report /tmp/rules.log ``` Sample Report ``` Suricata-Update Summary - Thursday, 24 Mar 2022, 13:20:30 Summary ======= Rules disabled by disable.conf: 148 Rules enabled by enable.conf: 0 Rules modified by modify.conf: 0 Rules converted to drop: 0 Rules enabled for flowbit dependencies: 131 Rules added: 274 Rules removed: 17 Rules modified: 1721 Added Rules ----------- [1:2500036] ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 (compromised.rules) [1:2500038] ET COMPROMISED Known Compromised or Hostile Host Traffic group 20 (compromised.rules) ``` Ticket: 2256
|
Hello don't know if this already exists but why not also adding to the logging if the update happened successfully or not ?I think this would be a nice addition |
|
Success is reported by the exit status, so there are a few way to achieve this. If using If not using Alternatively, the output could be redirected to a file, then the log checked for "Warning" or "Error" messages. Ultimately the best solution probably depends on how you wish to be notified of errors. But I believe Suricata-Update provides enough for the reporting of the errors already. |
Add a
--report <filename>option so that the end user is able to log areport about the rules enabled, disabled, modified and dropped.
Usage
Sample Report
Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/2256
Previous PR: #300
Changes since v9: