detect/filestore: Warn if req'd feature missing

author Jeff Lucovsky <jeff@lucovsky.org>

Fri, 20 Dec 2019 00:50:30 +0000 (19:50 -0500)

committer Victor Julien <victor@inliniac.net>

Tue, 18 Feb 2020 15:23:32 +0000 (16:23 +0100)
author Jeff Lucovsky <jeff@lucovsky.org>
Fri, 20 Dec 2019 00:50:30 +0000 (19:50 -0500)
committer Victor Julien <victor@inliniac.net>
Tue, 18 Feb 2020 15:23:32 +0000 (16:23 +0100)
diff --git a/src/detect-filestore.c b/src/detect-filestore.c

index 614579634fb274703b4ebb7420823c7fb8452422..385ba20306352f5fb67b688f1dec2cdb048880c5 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -35,6 +35,8 @@
  #include "detect-engine-mpm.h"
  #include "detect-engine-state.h"
  
+#include "feature.h"
+
  #include "flow.h"
  #include "flow-var.h"
  #include "flow-util.h"
@@ -322,6 +324,24 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
  {
      SCEnter();
  
+    static bool warn_not_configured = false;
+    static uint32_t de_version = 0;
+
+    /* Check on first-time loads (includes following a reload) */
+    if (!warn_not_configured || (de_ctx->version != de_version)) {
+        if (de_version != de_ctx->version) {
+            SCLogDebug("reload-detected; re-checking feature presence; DE version now %"PRIu32,
+                       de_ctx->version);
+        }
+        if (!RequiresFeature(FEATURE_OUTPUT_FILESTORE)) {
+            SCLogWarning(SC_WARN_ALERT_CONFIG, "One or more rule(s) depends on the "
+                         "file-store output log which is not enabled. "
+                         "Enable the output \"file-store\".");
+        }
+        warn_not_configured = true;
+        de_version = de_ctx->version;
+    }
+
      DetectFilestoreData *fd = NULL;
      SigMatch *sm = NULL;
      char *args[3] = {NULL,NULL,NULL};
author	Jeff Lucovsky <jeff@lucovsky.org>
	Fri, 20 Dec 2019 00:50:30 +0000 (19:50 -0500)
committer	Victor Julien <victor@inliniac.net>
	Tue, 18 Feb 2020 15:23:32 +0000 (16:23 +0100)