[Oisf-users] Properly installing Suricata-Update on latest version of Suricata

419telegraph298 at protonmail.com 419telegraph298 at protonmail.com
Sun Feb 10 18:22:43 UTC 2019 

Thanks for the suggestion - I was able to launch auto update with  ~/.local/bin/suricata-update



It created a separate rules file from my default at /etc/suricata/rules and then ran into an error:

10/2/2019 -- 18:17:54 - <Info> -- Creating directory /var/lib/suricata/rules.
10/2/2019 -- 18:17:54 - <Info> -- Backing up current rules.
10/2/2019 -- 18:17:55 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 26952; enabled: 19552; added: 26952; removed 0; modified: 0
10/2/2019 -- 18:17:56 - <Info> -- Testing with suricata -T.
10/2/2019 -- 18:19:11 - <Error> -- [ERRCODE: SC_ERR_MEM_ALLOC(1)] - SCMalloc failed: Cannot allocate memory, while trying to allocate 16131584 bytes
10/2/2019 -- 18:19:13 - <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - Out of memory. The engine cannot be initialized. Exiting...
10/2/2019 -- 18:19:16 - <Error> -- Suricata test failed, aborting.
10/2/2019 -- 18:19:16 - <Error> -- Restoring previous rules.




Sent from ProtonMail, encrypted email based in Switzerland.

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, February 7, 2019 8:08 PM, Jason Ish <jason.ish at oisf.net> wrote:

> On 2019-02-07 7:02 p.m., 419telegraph298 at protonmail.com wrote:
>
> > Dear Shivani,
> > Thank you for your help, I ran a sudo nano bashsrc and added PATH=/home/pi/.local/bin:$PATH to the file and then saved it, ran "pip install --upgrade suricata-update", said that it installed successfully but still have not been able to the program to run from command line.
>
> Did you try logging out then back in again? You could also enter this
> on the command line to activate the path update immediately:
>
> export PATH=/home/pi/.local/bin:$PATH
>
> Then try again. Or call suricata-update with its full path, which for
> you looks like it might be:
>
> ~/.local/bin/suricata-update
>
> Hope that helps,
> Jason
>
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/

More information about the Oisf-users mailing list