From: Bhagya Tholpady (bbantwal) Date: Tue, 4 Aug 2020 23:55:54 +0000 (+0000) Subject: Merge pull request #2366 in SNORT/snort3 from ~SVLASIUK/snort3:doc_dump_config to... X-Git-Tag: 3.0.2-4~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8df58a08f81c3e0facd306bb48fa7ecb6d540a64;p=thirdparty%2Fsnort3.git Merge pull request #2366 in SNORT/snort3 from ~SVLASIUK/snort3:doc_dump_config to master Squashed commit of the following: commit 31cb87855ea7b8e86d56f49b44a0b9125f15743a Author: Serhii Vlasiuk Date: Tue Jul 28 13:45:46 2020 +0300 doc: add documentation for dumping consolidated config in text format
---
diff --git a/doc/user/CMakeLists.txt b/doc/user/CMakeLists.txt
index b946dab85..f9ffde53e 100644
--- a/doc/user/CMakeLists.txt
+++ b/doc/user/CMakeLists.txt
@@ -11,6 +11,7 @@ set (
 byte_test.txt
 concepts.txt
 connectors.txt
+ consolidated_config.txt
 daq.txt
 dcerpc.txt
 errors.txt
diff --git a/doc/user/consolidated_config.txt b/doc/user/consolidated_config.txt
new file mode 100644
index 000000000..12d4ef918
--- /dev/null
+++ b/doc/user/consolidated_config.txt
@@ -0,0 +1,55 @@
+Using Consolidated Config output enables troubleshooting of configuration issues.
+The output contains applied configurations ( defaults and configured ) and is
+printed for the main config and all included policies.
+So far, Snort supports output in text format.
+
+==== Text Format
+
+The --dump-config-text option verifies the configuration and dumps it to stdout in text format.
+
+Example:
+
+ consolidated config for snort.lua
+ binder[0].when.ips_policy_id=0
+ binder[0].when.role='any'
+ binder[0].when.nets='10.1.2.0/24'
+ binder[0].use.action='inspect'
+ binder[1].when.ips_policy_id=0
+ binder[1].when.role='any'
+ binder[1].when.nets='192.168.2.0/24'
+ binder[1].use.action='inspect'
+ host_cache.memcap=8.38861e+06
+ network.checksum_drop='none'
+ network.checksum_eval='all'
+ network.max_ip_layers=0
+ process.daemon=false
+ process.dirty_pig=false
+ process.utc=false
+ stream_tcp.flush_factor=0
+ stream_tcp.max_window=0
+ stream_tcp.overlap_limit=0
+ stream_tcp.max_pdu=16384
+ stream.footprint=0
+ stream.ip_frags_only=false
+ trace.modules.appid.all=1
+ trace.modules.detection.opt_tree=2
+ trace.modules.detection.fp_search=4
+ trace.modules.detection.rule_eval=1
+ trace.modules.wizard.all=1
+ trace.constraints.match=true
+ trace.constraints.dst_ip='10.1.1.2'
+ trace.constraints.dst_port=200
+ trace.constraints.src_port=100
+ trace.constraints.ip_proto=17
+ trace.output='stdout'
+ wizard.spells[0].proto='tcp'
+ wizard.spells[0].client_first=true
+ wizard.spells[0].service='http'
+ wizard.spells[0].to_client[0].spell='HTTP/'
+ wizard.spells[0].to_server[0].spell='GET'
+ wizard.spells[1].proto='tcp'
+ wizard.spells[1].client_first=true
+ wizard.spells[1].service='sip'
+ wizard.spells[1].to_server[0].spell='INVITE'
+
+For lists, the index next to the option name designates an element parsing order.
\ No newline at end of file
diff --git a/doc/user/features.txt b/doc/user/features.txt
index a9aa9bdb6..453d03102 100644
--- a/doc/user/features.txt
+++ b/doc/user/features.txt @@ -32,6 +32,10 @@ include::byte_math.txt[] include::byte_options.txt[] +=== Consolidated Config + +include::consolidated_config.txt[] + === DCE Inspectors include::dcerpc.txt[]