[Oisf-users] suricata-update and path/files in config

T F tiago.faria.backups at gmail.com
Sat Jan 13 16:54:05 UTC 2018


Hi list,

I recently started using suricata-update, and I'm a bit unsure of how
this affects the configuration. As per the documentation [1], the
configuration file needs to be updated to reflect the path and file
created by suricata-update (also from the documentation, I understood
that it's all put in one single file, and that management of rules is
done via disable.conf and enable.conf).

"default-rule-path: /var/lib/suricata/rules

rule-files:
  - suricata.rules"

Does this mean that the configuration for the rules that depend on
/etc/suricata/rules can be removed? My objective is to rely only on
suricata-update, and from what I understood from the GitHub page for
suricata-update [2], if I'm not relying on /etc/suricata/rules, that
part of the configuration can be removed.

AFAIK, when installing from repo, no files with rules are shipped, so
suricata will fail to load any of the files mentioned in the
configuration.



[1] - http://suricata.readthedocs.io/en/latest/rule-management/suricata-update.html
[2] - https://github.com/OISF/suricata-update
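
Added example, not part of the original message and not code from the Suricata project: a small Python check that reads default-rule-path and rule-files from suricata.yaml text and lists the entries that point to files missing on disk, which is the situation the post describes for leftover entries. The line-based reader, the function names and the sample config (including old-example.rules and disabled-example.rules) are assumptions made for illustration.

```python
import os
import tempfile

def parse_rule_config(yaml_text):
    """Read default-rule-path and rule-files from suricata.yaml text.

    Line-based reader for these two top-level keys only (assumes the
    block-style list shown in the post); not a general YAML parser.
    """
    rule_path, rule_files, in_list = None, [], False
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # commented-out entries are ignored
        if not line.strip():
            continue
        if line.startswith("default-rule-path:"):
            rule_path, in_list = line.split(":", 1)[1].strip(), False
        elif line.startswith("rule-files:"):
            in_list = True
        elif in_list and line.lstrip().startswith("- "):
            rule_files.append(line.lstrip()[2:].strip())
        elif not line[0].isspace():
            in_list = False  # any other top-level key ends the list
    return rule_path, rule_files

def missing_rule_files(yaml_text):
    """Return resolved paths of listed rule files that do not exist on disk."""
    rule_path, rule_files = parse_rule_config(yaml_text)
    resolved = [f if os.path.isabs(f) else os.path.join(rule_path or "", f)
                for f in rule_files]
    return [p for p in resolved if not os.path.isfile(p)]

def demo():
    """Constructed sample: one merged file present, one stale entry left over."""
    with tempfile.TemporaryDirectory() as rules_dir:
        open(os.path.join(rules_dir, "suricata.rules"), "w").close()
        config = (
            "%YAML 1.1\n---\n"
            f"default-rule-path: {rules_dir}\n"
            "rule-files:\n"
            "  - suricata.rules\n"
            "  - old-example.rules   # constructed stale entry\n"
            "#  - disabled-example.rules\n"
            "classification-file: /etc/suricata/classification.config\n"
        )
        return [os.path.basename(p) for p in missing_rule_files(config)]

if __name__ == "__main__":
    print(demo())
```

To check a real installation, pass the contents of the suricata.yaml in use to missing_rule_files().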

