[Oisf-users] About suricata-update tool

C. L. Martinez carlopmart at gmail.com
Thu Apr 12 05:56:19 UTC 2018


Ok, many thanks Jason for your help.

On Thu, Apr 12, 2018 at 7:50 AM, Jason Ish <ish at unx.ca> wrote:

> On Wed, 2018-04-11 at 15:54 +0200, C. L. Martinez wrote:
> >
> >  As you can see I have specified out directory with " -o
> > /opt/suricata/ids01/rules" option, but suricata-update returns:
> >
> > 11/4/2018 -- 13:40:43 - <Warning> -- Distribution rule directory not
> > found: /etc/suricata/rules
> >
> >  Any idea why?
>
> There are some rules that only ship with Suricata. The RPMs, Debs and
> some other packages may install these by default to
> /etc/suricata/rules, these are the rules that are found in the "rules"
> directory in the Suricata source tree.
>
> Suricata-update tries to be smart and pull these in if they exist,
> which they probably won't when running on a machine without Suricata
> installed. What you could do is extract these rules from the Suricata
> release tarball and point Suricata-update at them with the --local
> parameter. You'll still get the warning, but they will be included.
>
> One thing we may want to look at doing is hosting these rules online to
> make it just work even if Suricata is not installed locally.
>
> Hope that helps,
> Jason
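The workaround described in the quoted reply above, as an added example that is not part of the original thread or of suricata-update itself: a shell function that stages only the `rules/*.rules` files from a Suricata release tarball so they can be handed to `suricata-update --local`. The tarball name and staging directory are placeholders, and GNU tar is assumed.

```shell
#!/bin/sh
# Added example: stage the rules bundled in a Suricata release tarball so that
# suricata-update can load them with --local on a host without Suricata.

# extract_dist_rules TARBALL DEST
# Copies only <top-dir>/rules/*.rules from TARBALL into DEST and prints the
# number of rule files staged. Refuses archives whose member names are
# absolute or contain a ".." component.
extract_dist_rules() {
    tarball=$1
    dest=$2
    [ -f "$tarball" ] || { echo "no such tarball: $tarball" >&2; return 1; }

    members=$(tar -tzf "$tarball") || return 1

    # Check every member name before anything is written to disk.
    if printf '%s\n' "$members" | grep -Eq '(^/|(^|/)\.\.(/|$))'; then
        echo "unsafe member path in $tarball" >&2
        return 1
    fi

    # Keep only rule files sitting directly in the top-level "rules" directory.
    wanted=$(printf '%s\n' "$members" | grep -E '^[^/]+/rules/[^/]+\.rules$') ||
        { echo "no rules/*.rules in $tarball" >&2; return 1; }

    mkdir -p "$dest" || return 1
    # -T - reads the member list from stdin, one name per line;
    # --strip-components=2 drops "<top-dir>/rules/" so files land in DEST.
    printf '%s\n' "$wanted" |
        tar -xzf "$tarball" -C "$dest" --strip-components=2 -T - || return 1

    printf '%s\n' "$wanted" | wc -l | tr -d ' '
}

# Typical use (tarball name and staging path are placeholders; the -o value
# is the output directory from the thread):
#   extract_dist_rules suricata-X.Y.Z.tar.gz /opt/suricata/dist-rules
#   suricata-update --local /opt/suricata/dist-rules -o /opt/suricata/ids01/rules
```

As the reply notes, the "Distribution rule directory not found" warning is still printed; the staged rules are included through `--local`.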

