[Oisf-users] Allowing empty rules file?

Duane Howard duane.security at gmail.com
Wed Sep 18 17:10:47 UTC 2013

Hey folks,

I keep an empty rules file on my snort boxes for use with short lived or
temporary rules. Snort seems to be alright with loading an empty rules
file, but when I try to do the same on Suricata it complains with an
Warning and exits.

me at mybox:~$suricata -T -l /tmp -c /etc/suricata/suricata.yaml
18/9/2013 -- 17:01:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No
rules loaded from /etc/suricata/rules/temp.rules

Shouldn't a warning message be non-fatal? Why is attempting to load an
empty file bad?
The primary reason I do this is so that I don't need to change my
suricata.yaml config when swapping in and out these temporary rules.

Currently on 1.4.2 RELEASE if that matters.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130918/f533c041/attachment.html>

More information about the Oisf-users mailing list