[Oisf-users] Allowing empty rules file?
Duane Howard
duane.security at gmail.com
Wed Sep 18 17:10:47 UTC 2013
Hey folks,
I keep an empty rules file on my snort boxes for use with short-lived or
temporary rules. Snort seems to be alright with loading an empty rules
file, but when I try to do the same on Suricata it complains with a
Warning and exits.
me@mybox:~$ suricata -T -l /tmp -c /etc/suricata/suricata.yaml
<snip>
18/9/2013 -- 17:01:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No
rules loaded from /etc/suricata/rules/temp.rules
Shouldn't a warning message be non-fatal? Why is attempting to load an
empty file bad?
The primary reason I do this is so that I don't need to change my
suricata.yaml config when swapping in and out these temporary rules.
Currently on 1.4.2 RELEASE if that matters.
Thanks!
./d