[Oisf-users] Properly testing Suricata for alerts
Andreas Herz
andi at geekosphere.org
Mon Feb 18 22:12:34 UTC 2019
On 18/02/19 at 22:09, 419telegraph298 at protonmail.com wrote:
> default-rule-path: /var/lib/suricata/rules
> rule-files:
> - botcc.rules
> # - botcc.portgrouped.rules
> - ciarmy.rules
> - compromised.rules
> - drop.rules
> - dshield.rules
> # - emerging-activex.rules
> - emerging-attack_response.rules
> - emerging-chat.rules
> - emerging-current_events.rules
> - emerging-dns.rules
> - emerging-dos.rules
>
> should it actually be - /var/lib/suricata/rules/suricata.rules ?
Nope, the path is correct, and if you run suricata-update and it didn't
have any issues you should find the suricata.rules file within the
/var/lib/suricata/rules directory.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, February 18, 2019 5:01 PM, Andreas Herz <andi at geekosphere.org> wrote:
>
> > On 18/02/19 at 17:13, 419telegraph298 at protonmail.com wrote:
> >
> > > and yeah I added the auto update rule files as the rule files in the
> > > config. Should I be running "-s signatures.rules" when I run from
> > > command line as well? Because I can't locate the signatures.rules
> > > anywhere
> >
> > What does your config say about "default-rule-path:"?
> > You can look in /var/lib/suricata/rules/ for the file.
> >
> > ---------------------------------------------------------------------------------------------------------------
> >
> > Andreas Herz
> >
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/
>
>
--
Andreas Herz
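An added example, not code from this thread or from the Suricata project: a small POSIX sh script that does by hand what the reply above describes. It reads default-rule-path and rule-files out of a suricata.yaml, checks that every listed file actually exists under that directory, and then hands the config to Suricata's own configuration test mode, `suricata -T`. Everything it reads is a constructed fixture (a temp directory holding a one-line suricata.rules plus a good and a bad config); the function names and the sample rule are mine, not Suricata's.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Suricata project.
# Checks that every file listed under "rule-files:" in a suricata.yaml exists
# beneath "default-rule-path:", then (if suricata is installed) runs the
# built-in config test "suricata -T". All paths and file contents below are
# constructed fixtures; a real check would point at /etc/suricata/suricata.yaml.

# Print the value of default-rule-path (first occurrence) from a suricata.yaml.
rule_path_of() {
    awk -F': *' '/^default-rule-path:/ { print $2; exit }' "$1"
}

# Print the uncommented entries of the top-level "rule-files:" list, one per
# line. Commented-out entries ("# - foo.rules") are skipped; the list ends at
# the next unindented key.
rule_files_of() {
    awk '
        /^rule-files:/             { inlist = 1; next }
        inlist && /^[ \t]*#/       { next }
        inlist && /^[ \t]*-[ \t]*/ { sub(/^[ \t]*-[ \t]*/, ""); print; next }
        inlist && /^[^ \t]/        { inlist = 0 }
    ' "$1"
}

# Return 0 if every listed rule file exists, 1 otherwise (missing paths on stderr).
check_rule_files() {
    yaml=$1
    dir=$(rule_path_of "$yaml")
    missing=0
    for f in $(rule_files_of "$yaml"); do
        case $f in
            /*) p=$f ;;           # absolute entries are used as-is
            *)  p="$dir/$f" ;;    # relative entries live under default-rule-path
        esac
        if [ ! -f "$p" ]; then
            echo "missing rule file: $p" >&2
            missing=1
        fi
    done
    return $missing
}

# Run Suricata's own configuration test when the binary is available.
suricata_config_test() {
    if command -v suricata >/dev/null 2>&1; then
        suricata -T -c "$1" -v
    else
        echo "suricata not installed; skipping suricata -T" >&2
    fi
}

# Constructed fixture: a rules directory holding only suricata.rules (the single
# file suricata-update writes), a config that lists it, and a config that still
# lists per-category files that are not present in that directory.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/rules"
    printf 'alert ip any any -> any any (msg:"constructed test rule"; sid:1; rev:1;)\n' \
        > "$root/rules/suricata.rules"
    cat > "$root/good.yaml" <<EOF
default-rule-path: $root/rules
rule-files:
  - suricata.rules
EOF
    cat > "$root/bad.yaml" <<EOF
default-rule-path: $root/rules
rule-files:
  - botcc.rules
  # - botcc.portgrouped.rules
  - ciarmy.rules
EOF
    echo "$root"
}

# Demo: the good config passes the file check, the bad one reports what is missing.
demo() {
    root=$(make_fixture)
    for cfg in good bad; do
        if check_rule_files "$root/$cfg.yaml"; then
            echo "$cfg.yaml: all rule files present"
            suricata_config_test "$root/$cfg.yaml" || echo "$cfg.yaml: suricata -T reported errors"
        else
            echo "$cfg.yaml: fix rule-files before running suricata -T"
        fi
    done
    rm -rf "$root"
}

demo
```

Pointed at a real /etc/suricata/suricata.yaml, check_rule_files flags exactly the situation in the quoted config: a rule-files list that still names per-category files (botcc.rules, ciarmy.rules, ...) while the directory only contains the suricata.rules that suricata-update writes. Once the list refers to files that exist, `suricata -T -c suricata.yaml -v` is the cheapest way to confirm the rules load before expecting any alerts.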