[Oisf-users] Properly testing Suricata for alerts
419telegraph298 at protonmail.com
Mon Feb 18 22:09:52 UTC 2019
default-rule-path: /var/lib/suricata/rules
rule-files:
- botcc.rules
# - botcc.portgrouped.rules
- ciarmy.rules
- compromised.rules
- drop.rules
- dshield.rules
# - emerging-activex.rules
- emerging-attack_response.rules
- emerging-chat.rules
- emerging-current_events.rules
- emerging-dns.rules
- emerging-dos.rules
Should it actually be - /var/lib/suricata/rules/suricata.rules ?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, February 18, 2019 5:01 PM, Andreas Herz <andi at geekosphere.org> wrote:
> On 18/02/19 at 17:13, 419telegraph298 at protonmail.com wrote:
>
> > and yeah I added the auto update rule files as the rule files in the
> > config. Should I be running "-s signatures.rules" when I run from
> > command line as well? Because I can't locate the signatures.rules
> > anywhere
>
> What does your config say about "default-rule-path:"?
> You can look in /var/lib/suricata/rules/ for the file.
>
> ---------------------------------------------------------------------------------------------------------------
>
> Andreas Herz
>
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
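
A check for the question raised in this message, added here as an example and not part of the original thread: it reads `default-rule-path` and the uncommented `rule-files` entries from a suricata.yaml and reports the entries that have no file on disk. The function names and the sample configs are constructed for illustration, and the parser handles only the flat layout quoted in the message, not full YAML.

```python
import os
import tempfile

def parse_rule_config(yaml_text):
    """Return (default_rule_path, [rule file entries]) from suricata.yaml text.

    Minimal line-based parser for the flat layout quoted in the message;
    commented-out entries ("# - name.rules") are skipped.
    """
    rule_path, rule_files, in_list = None, [], False
    for raw in yaml_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("default-rule-path:"):
            rule_path = line.split(":", 1)[1].strip()
            in_list = False
        elif line.startswith("rule-files:"):
            in_list = True
        elif in_list and line.startswith("- "):
            rule_files.append(line[2:].split(" #", 1)[0].strip())
        else:
            in_list = False  # any other key ends the rule-files list
    return rule_path, rule_files

def missing_rule_files(yaml_text):
    """List configured rule files that do not exist on disk."""
    rule_path, rule_files = parse_rule_config(yaml_text)
    missing = []
    for name in rule_files:
        # Absolute entries are used as-is; relative ones resolve against default-rule-path.
        full = name if os.path.isabs(name) else os.path.join(rule_path or "", name)
        if not os.path.isfile(full):
            missing.append(full)
    return missing

def demo():
    """Constructed sample: a rules directory that holds only suricata.rules."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "suricata.rules"), "w").close()
        per_file = (f"default-rule-path: {d}\nrule-files:\n - botcc.rules\n"
                    "# - emerging-activex.rules\n - drop.rules\n")
        single = f"default-rule-path: {d}\nrule-files:\n - suricata.rules\n"
        return ([os.path.basename(p) for p in missing_rule_files(per_file)],
                missing_rule_files(single))

if __name__ == "__main__":
    print(demo())
```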