[Oisf-users] About suricata-update tool

Jason Ish ish at unx.ca
Tue Apr 10 16:03:19 UTC 2018


On Tue, Apr 10, 2018 at 6:56 AM, C. L. Martinez <carlopmart at gmail.com>
wrote:

> Hi all,
>
>  Why is suricata a requirement to run suricata-update? Is it not possible
> to use it standalone? For example, if you need to update rules for several
> suricata sensors, do I need to install suricata-update in every one? Is it
> not possible to use a "central server" to update all suricata nodes?...
>
>
Suricata-update should work fine without Suricata being installed. If it's
not, please provide more detail as to what is going wrong. It could be
something that is fixed in git-master but hasn't been released yet.

With Suricata installed you get a few "helper" features that you may not
want if distributing the resulting rules anyway. These include:

- Rules that you do not have the app-layer enabled for will be disabled.
This prevents a warning on Suricata startup (or fatal error if
--init-errors-fatal is set).
- Rule URLs that use a Suricata version will have the version automatically
set (you can use the --suricata-version option).
- Vars used in rules will be verified against the suricata.yaml.

Jason
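The two helpers that matter most when rules are built on a central server and pushed to sensors are the app-layer check and the variable check, because the central box has no suricata.yaml of its own to consult. The script below, an added example that is not part of this thread and not suricata-update's own code, shows one way to reproduce both from a sensor's configuration: it reads the flat dotted "key = value" lines that `suricata --dump-config` prints (the sample here is constructed, not captured from a real sensor), comments out rules whose app-layer protocol is set to `no`, and reports rules that reference a `$VAR` the sensor does not define. Treating `detection-only` as enabled, the rule-header regex, and the placeholder sids are all assumptions of this example.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample (not captured from a real sensor), in the dotted
# "key = value" line format that `suricata --dump-config` prints.
SAMPLE_DUMP_CONFIG = """\
app-layer.protocols.http.enabled = yes
app-layer.protocols.dns.enabled = yes
app-layer.protocols.tls.enabled = detection-only
app-layer.protocols.smb.enabled = no
app-layer.protocols.modbus.enabled = no
vars.address-groups.HOME_NET = [192.168.0.0/16,10.0.0.0/8]
vars.address-groups.EXTERNAL_NET = !$HOME_NET
vars.port-groups.HTTP_PORTS = [80,8080]
"""

# Constructed rules; the sids are placeholders in the local (1000000+) range.
SAMPLE_RULES = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"http test"; sid:1000001; rev:1;)
alert smb any any -> $HOME_NET 445 (msg:"smb test"; sid:1000002; rev:1;)
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"tls test"; sid:1000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $SSH_PORTS (msg:"undefined var"; sid:1000004; rev:1;)
# comment lines and blanks pass through untouched

"""

# Assumed rule-header shape: action, then protocol, then the rest of the header.
RULE_HEADER = re.compile(r"^(alert|drop|pass|reject|rejectsrc|rejectdst|rejectboth)\s+(\S+)\s+")
VAR_REF = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")
SID = re.compile(r"\bsid\s*:\s*(\d+)")


def parse_dump_config(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines into a flat dict keyed by dotted path."""
    config: Dict[str, str] = {}
    for line in text.splitlines():
        if " = " not in line:
            continue
        key, _, value = line.partition(" = ")
        config[key.strip()] = value.strip()
    return config


def disabled_app_layers(config: Dict[str, str]) -> Set[str]:
    """App-layer protocol names whose parser is switched off.

    Assumption: only an explicit 'no' counts as disabled; 'yes' and
    'detection-only' both leave the parser available to detection.
    """
    prefix, suffix = "app-layer.protocols.", ".enabled"
    return {
        key[len(prefix):-len(suffix)]
        for key, value in config.items()
        if key.startswith(prefix) and key.endswith(suffix) and value.lower() == "no"
    }


def defined_vars(config: Dict[str, str]) -> Set[str]:
    """Variable names defined under vars.address-groups and vars.port-groups."""
    names: Set[str] = set()
    for key in config:
        for prefix in ("vars.address-groups.", "vars.port-groups."):
            if key.startswith(prefix):
                names.add(key[len(prefix):])
    return names


def check_rules(rules: str, config: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Return (rewritten rule lines, problem report).

    Rules for a disabled app-layer protocol are commented out so the sensor
    does not warn (or die under --init-errors-fatal) at startup. Rules that
    reference a variable the sensor does not define are reported but left in
    place: they are a configuration error to fix, not a rule to drop silently.
    """
    off = disabled_app_layers(config)
    known = defined_vars(config)
    out: List[str] = []
    problems: List[str] = []
    for line in rules.splitlines():
        m = RULE_HEADER.match(line)
        if not m:
            out.append(line)
            continue
        proto = m.group(2).lower()
        sid_m = SID.search(line)
        sid = sid_m.group(1) if sid_m else "?"
        missing = sorted(set(VAR_REF.findall(line)) - known)
        if missing:
            names = ", ".join("$" + v for v in missing)
            problems.append(f"sid {sid}: undefined var(s) {names}")
        if proto in off:
            problems.append(f"sid {sid}: disabled, app-layer {proto} not enabled")
            line = "# " + line
        out.append(line)
    return out, problems


if __name__ == "__main__":
    cfg = parse_dump_config(SAMPLE_DUMP_CONFIG)
    lines, report = check_rules(SAMPLE_RULES, cfg)
    print("\n".join(lines))
    for problem in report:
        print("!", problem)
```

In a central-server setup the dump-config text would be collected from each sensor class (one per distinct suricata.yaml) and the script run once per class before the rule set is shipped; the version substitution helper from the list above does not need this, since the `--suricata-version` option mentioned in the reply covers it without a local Suricata.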