[Oisf-users] making progress on my suricata config but.. ;)
Peter Manev
petermanev at gmail.com
Fri Sep 26 09:10:32 UTC 2014
On Tue, Sep 23, 2014 at 5:00 AM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> I recently upgraded suri to 2.0.3 via the SO package. ( I also got the right rule tarball eventually ;) I think...
>
> Naively I simply used my old config and I quickly noticed that a whole lot of rules were not triggering. I discovered that there is now an app-layer section in the yaml file, and copying that from the SO-supplied template resulted in a great improvement.
>
> One question: Is there a definitive list of all the options in the yaml file? I have been using https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml but this does not have app-layer:, nor does it have host:. I also note that in my rule directory for 2.0.3 there is a 1.3-suricata.yaml but no 2.0.3. How can I check that I really have the right tarball? If I don't, then that would explain the odd error that I reported earlier with a rule generating errors.
One way to do it: have a look at the ChangeLog file in the tarball.
>
> I now have one obvious hole: none of the udp signatures are being triggered.
>
> Is there anything that I could have broken in the config that would disable all udp rules?
>
> Russell
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
--
Regards,
Peter Manev
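As an added example (not code from the thread or from the Suricata project), a small Python check for the config gap Russell describes: it parses the mapping subset of suricata.yaml with a deliberately minimal indentation-based parser (a real deployment should use PyYAML, which is assumed not to be installed here), reports which of the top-level sections named in the thread are missing, and lists any app-layer protocol whose UDP parser is switched off. The required section names and the sample config are assumptions constructed for the example.

```python
"""Report suricata.yaml sections that an old 1.x-era config may lack."""
import re

# Constructed sample: has an app-layer: section but no host: section, and
# DNS over UDP disabled, the kind of gap that silently mutes rules.
SAMPLE_YAML = """\
%YAML 1.1
---
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16]"
default-rule-path: /etc/suricata/rules
app-layer:
  protocols:
    dns:
      tcp:
        enabled: yes
      udp:
        enabled: no
    http:
      enabled: yes
"""

# Assumed set of top-level sections to insist on (from the thread).
REQUIRED_TOP_LEVEL = ("vars", "app-layer", "host")


def parse_simple_yaml(text):
    """Parse nested 'key: value' mappings by indentation; sequences and
    other YAML constructs are ignored (simplification, not full YAML)."""
    root, stack = {}, [(-1, {})]
    stack[0] = (-1, root)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.startswith(("%", "---")):
            continue
        indent = len(line) - len(line.lstrip())
        m = re.match(r"([\w.-]+):\s*(.*)$", line.strip())
        if not m:
            continue                                   # e.g. '- item' lines
        key, value = m.group(1), m.group(2)
        while indent <= stack[-1][0]:                  # climb back out
            stack.pop()
        parent = stack[-1][1]
        if value == "":                                # nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:
            parent[key] = value.strip("\"'")
    return root


def missing_sections(config):
    return [k for k in REQUIRED_TOP_LEVEL if k not in config]


def udp_disabled_protocols(config):
    """Protocols under app-layer.protocols with udp.enabled set to no/false."""
    protos = config.get("app-layer", {}).get("protocols", {})
    off = []
    for name, settings in protos.items():
        udp = settings.get("udp") if isinstance(settings, dict) else None
        if isinstance(udp, dict) and udp.get("enabled", "yes") in ("no", "false"):
            off.append(name)
    return off


if __name__ == "__main__":
    cfg = parse_simple_yaml(SAMPLE_YAML)
    print("missing sections:", missing_sections(cfg))
    print("udp parsers disabled:", udp_disabled_protocols(cfg))
```

Run it against a real file by replacing SAMPLE_YAML with the file's contents; a missing `app-layer:` section shows up in the first list, and a disabled UDP parser in the second.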