[Oisf-users] Suricata-update 1.0.0 messages

Shivani Bhardwaj shivanib134 at gmail.com
Mon Nov 26 16:13:02 UTC 2018


Hello!

On Mon, Nov 12, 2018 at 7:19 AM Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
>
> I get the following warnings from suricata-update:
>
> 12/11/2018 -- 14:41:46 - <Info> -- Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
> 12/11/2018 -- 14:41:48 - <Warning> -- Failed to check remote checksum: HTTP Error 503: Connection timed out
> 12/11/2018 -- 14:41:48 - <Info> -- Fetching https://sslbl.abuse.ch/blacklist/sslblacklist.rules.
> 12/11/2018 -- 14:41:50 - <Warning> -- Failed to fetch https://sslbl.abuse.ch/blacklist/sslblacklist.rules, will use latest cached version: HTTP Error 503: Connection timed out
> …….
> 12/11/2018 -- 14:41:50 - <Info> -- Loading local file /var/lib/suricata/rules/local.rules
> 12/11/2018 -- 14:41:50 - <Warning> -- No distribution rule directory found.
>
>
> I first disabled the sslbl source and then removed it but I still get these messages?
>
Could you please tell me how you tried to disable and remove it?
Usually the commands disable-source and remove-source work out well.

> I am puzzled about the "distribution rule directory": what is it? I am guessing that it is related to the fact that I use file:// to load my ET rules.
>
The distribution rule directory is the directory where the rule files
provided by the Suricata distribution are kept (defaults to:
/etc/suricata/rules).

> Russell



-- 
Shivani
https://about.me/shivani.bhardwaj
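To confirm whether a source is still being contacted after it has been disabled or removed, the suricata-update output can be scanned for sources that were not refreshed and are running from cache. The following is an added example, not part of the original thread or of suricata-update itself; the function name `stale_sources` is hypothetical, and the sample log is the subset of lines quoted in the message above.

```python
import re
from collections import defaultdict

# Log layout as quoted in the thread:
#   DD/MM/YYYY -- HH:MM:SS - <Level> -- message
LINE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4} -- \d{2}:\d{2}:\d{2} - <(?P<level>\w+)> -- (?P<msg>.*)$"
)
URL_RE = re.compile(r"(?:https?|file)://[^\s,]+")

# Sample input: lines copied from the log quoted in the thread.
SAMPLE_LOG = """\
12/11/2018 -- 14:41:46 - <Info> -- Checking https://sslbl.abuse.ch/blacklist/sslblacklist.rules.md5.
12/11/2018 -- 14:41:48 - <Warning> -- Failed to check remote checksum: HTTP Error 503: Connection timed out
12/11/2018 -- 14:41:48 - <Info> -- Fetching https://sslbl.abuse.ch/blacklist/sslblacklist.rules.
12/11/2018 -- 14:41:50 - <Warning> -- Failed to fetch https://sslbl.abuse.ch/blacklist/sslblacklist.rules, will use latest cached version: HTTP Error 503: Connection timed out
12/11/2018 -- 14:41:50 - <Info> -- Loading local file /var/lib/suricata/rules/local.rules
12/11/2018 -- 14:41:50 - <Warning> -- No distribution rule directory found.
"""

def stale_sources(log_text):
    """Return {rule_url: [warning messages]} for sources that were not refreshed."""
    stale = defaultdict(list)
    last_url = None  # the checksum warning carries no URL, so remember the last one seen
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip elided or non-log lines
        msg = m.group("msg")
        found = URL_RE.search(msg)
        if found:
            # Drop the sentence-ending period, then the .md5 suffix of checksum URLs.
            last_url = found.group(0).rstrip(".")
            if last_url.endswith(".md5"):
                last_url = last_url[: -len(".md5")]
        if m.group("level") != "Warning" or last_url is None:
            continue
        if msg.startswith(("Failed to check remote checksum", "Failed to fetch")):
            stale[last_url].append(msg)
    return dict(stale)

if __name__ == "__main__":
    for url, warnings in stale_sources(SAMPLE_LOG).items():
        print(f"{url}: {len(warnings)} warning(s), rules may be stale")
```

An empty result after re-running suricata-update means no source fell back to a cached copy; a URL that still appears is still configured somewhere.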

