[Oisf-users] app-layer-events.rules file doesn't get updated?

Caesar Samsi cmsamsi at hotmail.com
Sun Jun 12 18:08:06 UTC 2016


Hi there,

I just noted this now when I included some sid from that file and found they were still not commented out by # for the rules that were intended to be disabled.

I’ve filled the file with random text and found that after an Oinkmaster update, the contents of the file don’t change (I would have expected it to be overwritten by rules), so it makes sense that the rule doesn’t get disabled.

I’ve checked suricata.yaml and see that the rule file is included in the proper section.

What would cause this?

Thank you, Caesar.

