Suricata 7 logs a warning when parsing its configuration about something that will soon be removed: > Apr 8 17:02:00 fw01 suricata: Multipline "include" fields at the same level are deprecated and will not work in Suricata 8, please move to an array of include files: line: 14
*** Bug 13755 has been marked as a duplicate of this bug. ***
I will pick this up. I had a look at the manuals on suricata and on yaml and found that the change required is very simple. Have made the change on a vm system and the IPS started up without any problems and included all the required files and no longer had the deprecation message. I will submit a patch for this. Suricata-7.x has been designed to work with yaml include arrays but will still accept the multiple single line includes but shows the deprecation notice if they are used. So the patch can be put in with the existing suricata-7.x
Patch submitted to dev mailing list and into patchwork https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/thread/UJ27WTZRNXCEJSB5INO5ZT5INSBCYM5I/ https://patchwork.ipfire.org/project/ipfire/list/?series=4651
Patch has been merged into next and will be in CU191 https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b0fd6b1fd53dcbe6fb7b539555969b891609d197