[Oisf-users] sourcing rules from local tarball with suricata-update
Jason Ish
ish at unx.ca
Mon Mar 26 21:39:22 UTC 2018
Hi Russel,
On 2018-03-26 03:30 PM, Russell Fulton wrote:
> Hi Floks
>
> I thought I had asked this before but I can’t find the post or the answer so if this is a repeat then my apologies.
>
> I am trying to figure out how to get suricata-update to use a local tarball as a rule source. I have quite a few sensors and all are in private address space without access to the Internet. I push the rule files out to the sensors using puppet which then triggers the update process.
You can use the "add-source" option. The synopsis is "suricata-update
add-source <name> <url>". So you could do something like:
suricata-update add-source custom-local file:///tmp/rules.tar.gz
Of course that could be an http URL as well.
Hope that helps,
Jason
More information about the Oisf-users
mailing list