Possible bug report: wrong loglevel naming in config generation leads to incorrect suricata.yaml
-
The symptom was all suricata interfaces not starting anymore and producing no logs beside one "starting" info in the syslog.
Executing/usr/local/bin/suricata -i ixl0 -c /usr/local/etc/suricata_1827_ixl0/suricata.yamlbrought up
<ERROR> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid Log level: errIn the config outputs.syslog.level was set to "err". changing it to "error" manually and rerunning the command worked fine.
This value was set through the Web-GUI under Global Settings -> General Settings -> Log Priority.
The dropdown menu offers the value ERR, which when selected leads to the above behaviour.
The Error is 100% reproducible by switching between ERR and some other value.
This was double checked by testing on following versions:- pfsense CE 2.7.0 Stable Release + suricata 6.0.13
- pfsense CE 2.6.0 Stable Release + suricata 6.0.4_1
What do you think, is there some mistake on my side I could have missed, or is this a bug in the suricata package?
If it is, where am I supposed to file an issue?Thanks in advance
Laurenz -
Sounds like perhaps the values the Suricata binary expects to see for that parameter in
suricata.yamlmight have changed since that area of code was originally written.I will check into it, and if necessary, include a fix in the next package update. I have several identified issues to clean up, but waiting a few more days to see what else might be reported.
Thank you for the report.
-
This issue is corrected in a forthcoming package update. I've posted a Pull Request for review and merging by the Netgate developer team here: https://github.com/pfsense/FreeBSD-ports/pull/1313. Look for a new 7.0.2 package version to appear soon.
