Suricata issue once test the suricata.yaml configuration

Help
1

Dear team

Would you please help me with the below error message

18/8/2022 – 11:29:32 - - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol sip enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
18/8/2022 – 11:29:32 - - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol mqtt enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.
18/8/2022 – 11:29:32 - - [ERRCODE: SC_ERR_CONF_YAML_ERROR(242)] - App-Layer protocol rdp enable status not set, so enabling by default. This behavior will change in Suricata 7, so please update your config. See ticket #4744 for more details.

Best regards

2

You can fix these errors by editing you suricata.yaml configuration file app-layer: section

Under protocols: , make sure that the above protocols are enabled, example

mqtt:
  enabled: yes

Make sure to restart suricata after editing the file

3

test
test1846×348 108 KB

yaml file
yaml file853×704 66.8 KB

Hi IDSTower

Thank you for your speedy response

After following the steps that you recommended, the issue still persists

Best regards

4

Hi,

There are 2 sections within the configuration file that contain protocol-specific enablement

  • Output
  • App-layer

The first controls whether the protocols are logged while the second controls whether the protocols are enabled for application layer parsing.

The error/warning messages refer to the app-layer controls. The settings you changed are in the output section.

5

Hi Jeff

The issue is resolved, thank you for your support :slightly_smiling_face:

Shall i remove the settings that i have modified in the output section

6

Keep them if you want those protocols transactions in addition to alerts, otherwise remove them.

7

Good day

Well noted, thank you IDS Tower