[Oisf-users] not finding rule files ??

Russell Fulton r.fulton at auckland.ac.nz
Sat Aug 17 21:58:29 UTC 2013 

from config file:

# Set the default rule path here to search for the files.                                                                                                                                                      
# if not set, it will look at the current working dir                                                                                                                                                          
default-rule-path: /home/sensors/test1/Rules
rule-files:
  -local.rules
  -snort.rules

sensors at secmontst01:~$ ls -l /home/sensors/test1/Rules
total 9928
-rw-r--r-- 1 sensors sensors    1743 Jul 17 23:34 local.rules
-rw-rw-r-- 1 sensors sensors  344168 Jul 28 10:04 sid-msg.map
-rw-rw-r-- 1 sensors sensors 8702533 Jul 18 00:40 snort-full.rules
-rw-r--r-- 1 sensors sensors 1099184 Jul 28 10:04 snort.rules
-rw-rw-r-- 1 sensors sensors    4553 Aug 18 09:47 threshold.conf

and when I start suricata I get:

Initialization syslog logging with format "[%i] <%d> -- ".
18/8/2013 -- 09:48:04 - <Info> - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
18/8/2013 -- 09:48:04 - <Info> - preallocated 1000 defrag trackers of size 144
18/8/2013 -- 09:48:04 - <Info> - defrag memory usage: 373376 bytes, maximum: 16777216
18/8/2013 -- 09:48:04 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
18/8/2013 -- 09:48:04 - <Info> - preallocated 1024 packets. Total memory 4362240
18/8/2013 -- 09:48:04 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
18/8/2013 -- 09:48:04 - <Info> - preallocated 1000 hosts of size 120
18/8/2013 -- 09:48:04 - <Info> - host memory usage: 349376 bytes, maximum: 16777216
18/8/2013 -- 09:48:04 - <Info> - allocated 3670016 bytes of memory for the flow hash... 65536 buckets of size 56
18/8/2013 -- 09:48:04 - <Info> - preallocated 10000 flows of size 272
18/8/2013 -- 09:48:04 - <Info> - flow memory usage: 6390016 bytes, maximum: 33554432
18/8/2013 -- 09:48:04 - <Info> - IP reputation disabled
18/8/2013 -- 09:48:04 - <Info> - Delayed detect disabled
18/8/2013 -- 09:48:04 - <Info> - No signatures supplied.
18/8/2013 -- 09:48:04 - <Info> - Threshold config parsed: 14 rule(s) found
18/8/2013 -- 09:48:04 - <Info> - dropped the caps for main thread
18/8/2013 -- 09:48:04 - <Info> - fast output device (regular) initialized: fast.log
18/8/2013 -- 09:48:04 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/8/2013 -- 09:48:04 - <Info> - http-log output device (regular) initialized: http.log
18/8/2013 -- 09:48:04 - <Info> - Using 1.0 style configuration for pfring
18/8/2013 -- 09:48:04 - <Info> - Using round-robin cluster mode for PF_RING (iface eth2)
18/8/2013 -- 09:48:04 - <Info> - Going to use 1 ReceivePfring receive thread(s)
18/8/2013 -- 09:48:04 - <Info> - (RxPFR1) Using PF_RING v.5.5.3, interface eth2, cluster-id 99, single-pfring-thread

I know this was working at one time!  Clearly I have broken something :(



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130818/23f70983/attachment.html>

More information about the Oisf-users mailing list