NAME

Ixchel::Actions::suricata_include - Generates the instance specific include for a suricata instance.

VERSION

Version 0.1.0

SYNOPSIS

use Data::Dumper;

my $results=$ixchel->action(action=>'suricata_include', opts=>{np=>1, w=>1, });

print Dumper($results);

DESCRIPTION

This generates the general purpose include for Suricata.

The include is generated by first reading in the values under .suricata.config. If multiple instances are enabled, .suricata.instances.$instance is then merged into it. Arrays are replaced with the new array, while everything else is merged using Hash::Merge with the spec below.

{
    'SCALAR' => {
        'SCALAR' => sub { $_[1] },
        'ARRAY'  => sub { [ $_[0], @{ $_[1] } ] },
        'HASH'   => sub { $_[1] },
    },
    'ARRAY' => {
        'SCALAR' => sub { $_[1] },
        'ARRAY'  => sub { [ @{ $_[1] } ] },
        'HASH'   => sub { $_[1] },
    },
    'HASH' => {
        'SCALAR' => sub { $_[1] },
        'ARRAY'  => sub { [ values %{ $_[0] }, @{ $_[1] } ] },
        'HASH'   => sub { Hash::Merge::_merge_hashes( $_[0], $_[1] ) },
    },
}
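
The merge described above, as an added example that is not Ixchel's own code: it loads the spec into a Hash::Merge object and merges a constructed base config with a constructed instance config, then reports which base array entries the instance override discarded. The sample values and the behavior name are assumptions, and it assumes a Hash::Merge release that provides add_behavior_spec.

```perl
# Added example, not Ixchel's own code. All sample data below is constructed.
use strict;
use warnings;
use Hash::Merge;
use Data::Dumper;

# The behavior spec documented above: the right side wins, arrays are replaced.
my $merger = Hash::Merge->new;
$merger->add_behavior_spec(
    {
        'SCALAR' => {
            'SCALAR' => sub { $_[1] },
            'ARRAY'  => sub { [ $_[0], @{ $_[1] } ] },
            'HASH'   => sub { $_[1] },
        },
        'ARRAY' => {
            'SCALAR' => sub { $_[1] },
            'ARRAY'  => sub { [ @{ $_[1] } ] },
            'HASH'   => sub { $_[1] },
        },
        'HASH' => {
            'SCALAR' => sub { $_[1] },
            'ARRAY'  => sub { [ values %{ $_[0] }, @{ $_[1] } ] },
            'HASH'   => sub { Hash::Merge::_merge_hashes( $_[0], $_[1] ) },
        },
    },
    'suricata_include_example',    # hypothetical behavior name
);

# Constructed stand-ins for .suricata.config and .suricata.instances.$instance
my $base = {
    'rule-files' => [ 'suricata.rules', 'local.rules' ],
    'vars' => { 'address-groups' => { HOME_NET => '[10.0.0.0/8]', EXTERNAL_NET => '!$HOME_NET' } },
};
my $instance = {
    'rule-files' => ['dmz.rules'],
    'vars'       => { 'address-groups' => { HOME_NET => '[192.0.2.0/24]' } },
};

my $merged = $merger->merge( $base, $instance );

# Report base array entries that the instance's array replaced outright.
my %kept    = map  { $_ => 1 } @{ $merged->{'rule-files'} };
my @dropped = grep { !$kept{$_} } @{ $base->{'rule-files'} };

$Data::Dumper::Sortkeys = 1;
print Dumper($merged);
print "rule-files dropped by instance override: @dropped\n";
```

Because arrays are replaced rather than appended, an instance that sets its own rule-files list no longer loads the base rule files, while hash keys the instance does not mention (EXTERNAL_NET here) carry over from the base.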

If told to write it out, it will be written out under .suricata.config_base with the name "include.yaml" or "include-$instance.yaml" if multiple instances are in use.

FLAGS

--np

Do not print the status of it.

-w

Write the generated services to service files.

-i instance

An instance to operate on.

-d <base_dir>

Use this as the base dir instead of .suricata.config_base from the config.

RESULT HASH REF

.errors :: An array of errors encountered.
.status_text :: A string description of what was done and the results.
.ok :: Set to zero if any of the above errored.