[Oisf-users] About suricata-update tool

Jason Ish ish at unx.ca
Tue Apr 10 16:03:19 UTC 2018

On Tue, Apr 10, 2018 at 6:56 AM, C. L. Martinez <carlopmart at gmail.com>

> Hi all,
>  Why suricata is a requirement to run suricata-udpate? Is it not possible
> to use it standalone? For example, if you need to update rules for serveral
> suricata sensors, do I need to install suricata-update in every one? Is it
> not possible to use a "central server" to update all suricata nodes?...
Suircata-update should work fine without Suricata being installed. If its
not, please provide more detail as what is going wrong. It could be
something that is fixed in git-master but hasn't been released yet.

With Suricata installed you get a few "helper" features that you may not
want if distributing the resulting rules anyways. These include:

- Rules that you do not have the app-layer enabled for will be disabled.
This prevents a warning on Suricata startup (or fatal error if
--init-errors-fatal is set).
- Rule URLs that use a Suricata version will have the version automatically
set (you can use the --suricata-version option).
- Vars used in rules will be verifiid against the suricata.yaml.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180410/d8d63657/attachment.html>

More information about the Oisf-users mailing list