From: Jeff Lucovsky
Date: Fri, 20 Dec 2019 00:50:30 +0000 (-0500)
Subject: detect/filestore: Warn if req'd feature missing
X-Git-Tag: suricata-6.0.0-beta1~731
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf840c37b3bdeaa54758ef8b4a967970d921a4cf;p=thirdparty%2Fsuricata.git
detect/filestore: Warn if req'd feature missing
---
diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 614579634f..385ba20306 100644
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -35,6 +35,8 @@
 #include "detect-engine-mpm.h"
 #include "detect-engine-state.h"
+#include "feature.h"
+
 #include "flow.h"
 #include "flow-var.h"
 #include "flow-util.h"
@@ -322,6 +324,24 @@ static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
 {
 SCEnter();
+ static bool warn_not_configured = false;
+ static uint32_t de_version = 0;
+
+ /* Check on first-time loads (includes following a reload) */
+ if (!warn_not_configured || (de_ctx->version != de_version)) {
+ if (de_version != de_ctx->version) {
+ SCLogDebug("reload-detected; re-checking feature presence; DE version now %"PRIu32,
+ de_ctx->version);
+ }
+ if (!RequiresFeature(FEATURE_OUTPUT_FILESTORE)) {
+ SCLogWarning(SC_WARN_ALERT_CONFIG, "One or more rule(s) depends on the "
+ "file-store output log which is not enabled. "
+ "Enable the output \"file-store\".");
+ }
+ warn_not_configured = true;
+ de_version = de_ctx->version;
+ }
+
 DetectFilestoreData *fd = NULL;
 SigMatch *sm = NULL;
 char *args[3] = {NULL,NULL,NULL};
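Review bot: The once-per-load guard added at the top of DetectFilestoreSetup keeps its state in two function-local statics, `warn_not_configured` and `de_version`, which are read and written without synchronisation and can remember only one `de_ctx->version`. If rules can be loaded for more than one detect engine context, or from more than one loader thread (not visible in this hunk), the accesses race and the guard may repeat the warning as versions alternate, or skip the check for a context whose version matches the stored one. Since the warning is the only signal that filestore rules will match without storing any file, I would keep the flag on the context instead, e.g. `if (!de_ctx->filestore_feature_checked) { ...; de_ctx->filestore_feature_checked = true; }`, where `filestore_feature_checked` is a proposed new `DetectEngineCtx` field, not an existing one. `warn_not_configured` is also set to true when no warning was issued, so a name such as `feature_checked` would describe it better. The function body continues past the end of the hunk.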