Bug 13646

Summary: suricata: Deprecated configuration syntax
Product: IPFire Reporter: Michael Tremer <michael.tremer>
Component: ---Assignee: Adolf Belka <adolf.belka>
Status: MODIFIED --- QA Contact:
Severity: - Unknown -    
Priority: - Unknown - CC: adolf.belka
Version: 2   
Hardware: unspecified   
OS: Unspecified   

Description Michael Tremer 2024-04-08 16:05:01 UTC
Suricata 7 logs a warning when parsing its configuration about something that will soon be removed:

> Apr  8 17:02:00 fw01 suricata: Multipline "include" fields at the same level are deprecated and will not work in Suricata 8, please move to an array of include files: line: 14
Comment 1 Michael Tremer 2024-09-10 16:50:46 UTC
*** Bug 13755 has been marked as a duplicate of this bug. ***
Comment 2 Adolf Belka 2024-12-10 11:26:12 UTC
I will pick this up.

I had a look at the manuals on suricata and on yaml and found that the change required is very simple.

Have made the change on a vm system and the IPS started up without any problems and included all the required files and no longer had the deprecation message.

I will submit a patch for this.

Suricata-7.x has been designed to work with yaml include arrays but will still accept the multiple single line includes but shows the deprecation notice if they are used.
So the patch can be put in with the existing suricata-7.x
Comment 4 Adolf Belka 2024-12-18 22:37:56 UTC
Patch has been merged into next and will be in CU191

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b0fd6b1fd53dcbe6fb7b539555969b891609d197