NAME

Ixchel::Actions::suricata_ouputs - Generate a outputs include for suricata.

VERSION

Version 0.2.0

CLI SYNOPSIS

ixchel -a suricata_outputs [-d <base_dir>] [-i <instance>]

ixchel -a suricata_outputs -w [-d <base_dir>] [-i <instance>] [--np]

CODE SYNOPSIS

use Data::Dumper;

my $results=$ixchel->action(action=>'suricata_outputs', opts=>{np=>1, w=>1, });

print Dumper($results);

DESCRIPTION

The template used is 'suricata_outputs'.

.suricata.enable_fastlog :: Perl boolean if to enable fastlog output.
    Default ::
    Map To :: .vars.enable_fastlog

.suricata.enable_syslog :: Perl boolean if to enable syslog output.
    Default :: 0
    Map To :: .vars.enable_syslog

.suricata.filestore_enable :: Perl boolean if to enable the filestore.
    Default :: 0
    Map To :: .vars.filestore_enable

.suricata.dhcp_in_alert_eve :: Perl boolean if DHCP type items should be in the alert eve.
    Default :: 0
    Map To :: .vars.dhcp_in_alert_eve

.suricata.config_base :: The variable used for controlling where the outputs.yaml
        file is created.

.suricata.enable_pcap_log :: Enable PCAP logging.
    Default :: 0
    Map To :: .vars.enable_pcap_log

The logging options are as below.

.suricata.logging.in_outputs :: Put the .logging section in the outputs include.
    Default :: 1
    Map To :: .vars.logging.in_outputs

.suricata.logging.level :: Value for .logging.default-log-level .
    Default :: notice
    Map To :: .vars.logging.level

.suricata.logging.console :: If enabled should be yes or no for the syslog console output.
    Default :: no
    Map To :: .vars.logging.console

.suricata.logging.file :: If enabled should be yes or no for the file logging output.
    Default :: yes
    Map To :: .vars.logging.file

.suricata.logging.file_level :: Value for level for the file output.
    Default :: info
    Map To :: .vars.logging.file_level

.suricata.logging.syslog :: If enabled should be yes or no for the syslog logging output.
    Default :: no
    Map To :: .vars.logging.syslog

.suricata.logging.syslog_facility :: Value for facility for syslog logging output.
    Default :: local5
    Map To :: .vars.logging.syslog_facility

.suricata.logging.syslog_format :: Value for format for syslog logging output.
    Default :: "[%i] <%d> -- "
    Map To :: .vars.logging.syslog_format

Multiinstance handling. Ixchel supports multiple Suricata instances on Linux. If .suricata.multi_instace is set to 1, then the following is done.

1: Instance vars are generated via first copying the ones above and then
   overwriting them with .suricata.instances.$instance.$var .

2: .vars.instance_part is set to "-$instance". If instances are not in use
   this value is ''.

3: .vars.instance_part2 is set to "$instance.". If instances are not in use
   this value is ''.

4: The output file is named  "outputs-$instance.yaml".

FLAGS

-w

Write the generated services to service files.

-i instance

A instance to operate on.

-d <base_dir>

Use this as the base dir instead of .suricata.config_base from the config.

RESULT HASH REF

.errors :: A array of errors encountered.
.status_text :: A string description of what was done and the results.
.ok :: Set to zero if any of the above errored.

To install Ixchel, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Ixchel

CPAN shell

perl -MCPAN -e shell
install Ixchel

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)