
NAME

Ixchel::Actions::suricata_outputs - Generate an outputs include for Suricata.

VERSION

Version 0.2.0

CLI SYNOPSIS

ixchel -a suricata_outputs [-d <base_dir>] [-i <instance>]

ixchel -a suricata_outputs -w [-d <base_dir>] [-i <instance>] [--np]

CODE SYNOPSIS

    use Data::Dumper;

    my $results=$ixchel->action(action=>'suricata_outputs', opts=>{np=>1, w=>1, });

    print Dumper($results);

DESCRIPTION

The template used is 'suricata_outputs'.

    .suricata.enable_fastlog :: Perl boolean controlling whether the fast log output is enabled.
        Default ::
        Map To :: .vars.enable_fastlog

    .suricata.enable_syslog :: Perl boolean controlling whether the syslog output is enabled.
        Default :: 0
        Map To :: .vars.enable_syslog

    .suricata.filestore_enable :: Perl boolean controlling whether the filestore is enabled.
        Default :: 0
        Map To :: .vars.filestore_enable

    .suricata.dhcp_in_alert_eve :: Perl boolean controlling whether DHCP-type events are included in the alert EVE output.
        Default :: 0
        Map To :: .vars.dhcp_in_alert_eve

    .suricata.config_base :: The directory in which the outputs.yaml file is created
            (overridden by -d).

    .suricata.enable_pcap_log :: Perl boolean controlling whether PCAP logging is enabled.
        Default :: 0
        Map To :: .vars.enable_pcap_log

The logging options are as below.

    .suricata.logging.in_outputs :: Put the .logging section in the outputs include.
        Default :: 1
        Map To :: .vars.logging.in_outputs

    .suricata.logging.level :: Value for .logging.default-log-level .
        Default :: notice
        Map To :: .vars.logging.level

    .suricata.logging.console :: Whether the console logging output is enabled; yes or no.
        Default :: no
        Map To :: .vars.logging.console

    .suricata.logging.file :: Whether the file logging output is enabled; yes or no.
        Default :: yes
        Map To :: .vars.logging.file

    .suricata.logging.file_level :: Value for level for the file logging output.
        Default :: info
        Map To :: .vars.logging.file_level

    .suricata.logging.syslog :: Whether the syslog logging output is enabled; yes or no.
        Default :: no
        Map To :: .vars.logging.syslog

    .suricata.logging.syslog_facility :: Value for facility for syslog logging output.
        Default :: local5
        Map To :: .vars.logging.syslog_facility

    .suricata.logging.syslog_format :: Value for format for syslog logging output.
        Default :: "[%i] <%d> -- "
        Map To :: .vars.logging.syslog_format

Multi-instance handling. Ixchel supports multiple Suricata instances on Linux. If .suricata.multi_instance is set to 1, then the following is done.

    1: Instance vars are generated via first copying the ones above and then
       overwriting them with .suricata.instances.$instance.$var .

    2: .vars.instance_part is set to "-$instance". If instances are not in use
       this value is ''.

    3: .vars.instance_part2 is set to "$instance.". If instances are not in use
       this value is ''.

    4: The output file is named "outputs-$instance.yaml".
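The variable resolution described in steps 1 to 4, written out as a stand-alone Perl example. This is an added illustration, not code from Ixchel; it uses the defaults listed on this page, and it assumes that nested .logging keys are merged key by key, that an unknown instance name is an error, and that the include path is simply the base dir joined with the file name (none of those details are stated on this page).

```perl
#!/usr/bin/env perl
# Added example, not Ixchel's own implementation: build .vars for an optional
# Suricata instance and derive the outputs include file name as the page describes.
use strict;
use warnings;

# Defaults as listed on this page. enable_fastlog has no documented default,
# so it is left undefined rather than guessed.
my %defaults = (
    enable_fastlog    => undef,
    enable_syslog     => 0,
    filestore_enable  => 0,
    dhcp_in_alert_eve => 0,
    enable_pcap_log   => 0,
    logging => {
        in_outputs      => 1,
        level           => 'notice',
        console         => 'no',
        file            => 'yes',
        file_level      => 'info',
        syslog          => 'no',
        syslog_facility => 'local5',
        syslog_format   => '[%i] <%d> -- ',
    },
);

# Copy $base and overwrite it with $over. Keys under 'logging' are merged
# individually (an assumption; the page only says "$var" is overwritten).
sub merge_vars {
    my ($base, $over) = @_;
    my %out = %{$base};
    $out{logging} = { %{ $base->{logging} // {} } };
    for my $k (keys %{ $over // {} }) {
        # These control the action itself and are not output variables.
        next if $k eq 'instances' || $k eq 'multi_instance' || $k eq 'config_base';
        if ($k eq 'logging') {
            $out{logging}{$_} = $over->{logging}{$_} for keys %{ $over->{logging} };
        } else {
            $out{$k} = $over->{$k};
        }
    }
    return \%out;
}

# Step 1: defaults, overwritten by .suricata.*, then by .suricata.instances.$instance.*
# Steps 2 and 3: instance_part / instance_part2, empty when instances are not in use.
sub resolve_vars {
    my ($config, $instance) = @_;
    my $suricata = $config->{suricata} // {};
    my $vars = merge_vars(\%defaults, $suricata);

    if ($suricata->{multi_instance} && defined $instance) {
        # Assumption: asking for an undefined instance is an error.
        die "unknown instance '$instance'\n"
            unless exists $suricata->{instances}{$instance};
        $vars = merge_vars($vars, $suricata->{instances}{$instance});
        $vars->{instance_part}  = "-$instance";
        $vars->{instance_part2} = "$instance.";
    } else {
        $vars->{instance_part}  = '';
        $vars->{instance_part2} = '';
    }
    return $vars;
}

# Step 4: outputs.yaml or outputs-$instance.yaml under the base dir
# (-d overrides .suricata.config_base).
sub outputs_file {
    my ($config, $instance, $base_dir) = @_;
    $base_dir //= $config->{suricata}{config_base} // '/etc/suricata';
    my $vars = resolve_vars($config, $instance);
    return "$base_dir/outputs$vars->{instance_part}.yaml";
}

# Constructed sample config with two instances; not taken from a real deployment.
my $config = {
    suricata => {
        config_base    => '/etc/suricata',
        multi_instance => 1,
        enable_syslog  => 1,
        logging        => { level => 'info' },
        instances      => {
            ids0 => { enable_pcap_log => 1 },
            ids1 => { logging => { syslog => 'yes', syslog_facility => 'local6' } },
        },
    },
};

for my $inst (qw(ids0 ids1)) {
    my $v = resolve_vars($config, $inst);
    printf "%s -> %s pcap=%d syslog_out=%s facility=%s level=%s part2=%s\n",
        $inst, outputs_file($config, $inst), $v->{enable_pcap_log},
        $v->{logging}{syslog}, $v->{logging}{syslog_facility},
        $v->{logging}{level}, $v->{instance_part2};
}
```

Running it prints one line per instance: ids0 gets outputs-ids0.yaml with PCAP logging on and the global logging level of info, while ids1 gets outputs-ids1.yaml with syslog output on and facility local6, each instance inheriting the global enable_syslog setting that was not overridden.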

FLAGS

-w

Write the generated outputs include to outputs.yaml (or outputs-$instance.yaml when instances are in use) under the base dir.

-i instance

An instance to operate on.

-d <base_dir>

Use this as the base dir instead of .suricata.config_base from the config.

RESULT HASH REF

    .errors :: An array of errors encountered.
    .status_text :: A string description of what was done and the results.
    .ok :: Set to zero if any of the above errored.