[Oisf-users] About suricata-update tool

Jason Ish ish at unx.ca
Thu Apr 12 05:50:54 UTC 2018


On Wed, 2018-04-11 at 15:54 +0200, C. L. Martinez wrote:
> 
>  As you can see I have specified out directory with " -o
> /opt/suricata/ids01/rules" option, but suricata-update returns:
> 
> 11/4/2018 -- 13:40:43 - <Warning> -- Distribution rule directory not
> found: /etc/suricata/rules 
> 
>  Any idea why?

There are some rules that only ship with Suricata. The RPMs, Debs and
some other packages may install these by default to
/etc/suricata/rules; these are the rules that are found in the "rules"
directory in the Suricata source tree.

Suricata-update tries to be smart and pull these in if they exist,
which they probably won't when running on a machine without Suricata
installed. What you could do is extract these rules from the Suricata
release tarball and point Suricata-update at them with the --local
parameter. You'll still get the warning, but they will be included.

One thing we may want to look at doing is hosting these rules online to
make it just work even if Suricata is not installed locally.

Hope that helps,
Jason
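The workaround described in the reply, as an added example that is not part of the original thread or of the suricata-update project: extract only the rules/ directory from a Suricata release tarball on a host without Suricata installed, then hand it to suricata-update with --local together with the -o output directory from the question. It assumes the tarball unpacks to a single top-level directory (suricata-<version>/) containing rules/, and that GNU tar is available for --wildcards and --strip-components.

```shell
#!/bin/sh
# Added example (not from the original post or the suricata-update project).
# Assumption: the release tarball unpacks to "suricata-<version>/rules/...".

# extract_dist_rules TARBALL DEST
# Copies only the rules/ directory from TARBALL into DEST (created if missing).
# Returns non-zero if no .rules files were extracted, so a wrong tarball is
# noticed before suricata-update is ever run.
extract_dist_rules() {
    tarball=$1
    dest=$2
    mkdir -p "$dest" || return 1
    # --strip-components=2 drops "suricata-<version>/rules/" so the files land
    # directly in DEST; the pattern selects only members under rules/.
    tar -xzf "$tarball" -C "$dest" --strip-components=2 --wildcards '*/rules/*' \
        || return 1
    # Sanity check: at least one .rules file must now be present in DEST.
    ls "$dest"/*.rules >/dev/null 2>&1
}

# count_rule_files DIR
# Prints the number of .rules files in DIR (0 if none), useful for logging
# how many distribution rules were picked up.
count_rule_files() {
    ls "$1"/*.rules 2>/dev/null | wc -l | tr -d ' '
}

# update_with_local_rules LOCAL_DIR OUT_DIR
# Runs suricata-update with the extracted rules as a --local source. The
# "Distribution rule directory not found" warning will still be printed, as
# the reply notes, but the rules are merged into the -o output directory.
update_with_local_rules() {
    local_dir=$1
    out_dir=$2
    suricata-update --local "$local_dir" -o "$out_dir"
}

# Example usage (paths are placeholders, adjust to your installation):
#   extract_dist_rules suricata-<version>.tar.gz /opt/suricata/dist-rules
#   echo "extracted $(count_rule_files /opt/suricata/dist-rules) rule files"
#   update_with_local_rules /opt/suricata/dist-rules /opt/suricata/ids01/rules
```

Keep the extracted directory in step with the Suricata version you deploy, since the rules in the source tree are tied to the engine's own event keywords.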

