[Oisf-users] Allowing empty rules file?

Duane Howard duane.security at gmail.com
Thu Sep 19 16:14:03 UTC 2013


Yes, it did stop.


On Thu, Sep 19, 2013 at 12:25 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Wed, Sep 18, 2013 at 7:10 PM, Duane Howard <duane.security at gmail.com>
> wrote:
> > Hey folks,
> >
> > I keep an empty rules file on my snort boxes for use with short-lived or
> > temporary rules. Snort seems to be alright with loading an empty rules file,
> > but when I try to do the same on Suricata it complains with a Warning and
> > exits.
> >
> > me at mybox:~$suricata -T -l /tmp -c /etc/suricata/suricata.yaml
> > <snip>
> > 18/9/2013 -- 17:01:38 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No
> > rules loaded from /etc/suricata/rules/temp.rules
> >
> > Shouldn't a warning message be non-fatal? Why is attempting to load an empty
> > file bad?
>
> What do you mean "non-fatal"? Suricata initialization did not stop,
> correct?
>
> > The primary reason I do this is so that I don't need to change my
> > suricata.yaml config when swapping in and out these temporary rules.
> >
> > Currently on 1.4.2 RELEASE if that matters.
> >
> > Thanks!
> > ./d
>
>
>
> --
> Regards,
> Peter Manev
>