[Oisf-users] Allowing empty rules file?

Peter Manev petermanev at gmail.com
Thu Sep 19 07:25:18 UTC 2013


On Wed, Sep 18, 2013 at 7:10 PM, Duane Howard <duane.security at gmail.com> wrote:
> Hey folks,
>
> I keep an empty rules file on my snort boxes for use with short lived or
> temporary rules. Snort seems to be alright with loading an empty rules file,
> but when I try to do the same on Suricata it complains with a Warning and
> exits.
>
> me at mybox:~$suricata -T -l /tmp -c /etc/suricata/suricata.yaml
> <snip>
> 18/9/2013 -- 17:01:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No
> rules loaded from /etc/suricata/rules/temp.rules
>
> Shouldn't a warning message be non-fatal? Why is attempting to load an empty
> file bad?

What do you mean by "non-fatal"? Suricata initialization did not stop, correct?

> The primary reason I do this is so that I don't need to change my
> suricata.yaml config when swapping in and out these temporary rules.
>
> Currently on 1.4.2 RELEASE if that matters.
>
> Thanks!
> ./d



-- 
Regards,
Peter Manev


