I am struggling to find a way to test the validity of some suricata config file.
Let’s say I have the following condiguration suricata.yaml file:
outputs: - eve-log: enabled: yuhu abcd: toto filetype: titi filename: eve.json
IMO this file should be considered invalid for several reasons (enabled should expect boolean value, abcd is unknown field, titi is not in the list of possible values for filetype)
If I run:
suricata -T suricata.yaml
suricata -c suricata.yaml --dump-config
Neither of this command return non zero status code or write anything that could potentially indicate that the configuration is invalid. Is it the expected behavior? Am I missing something?