[Oisf-users] Configuring Suricata Auto Update with Briar IDS
Jason Ish
ish at unx.ca
Mon Jan 21 15:22:41 UTC 2019
On 2019-01-19 3:44 p.m., 419telegraph298 at protonmail.com wrote:
> Hey everyone,
>
> I recently installed Suricata on a Raspberry Pi 3 using the Briar IDS
> - https://github.com/musicmancorley/BriarIDS
>
> I then attempted to install Suricata-Update, however, and am running
> into issues, I suspect because Briar installed *suricata-4.0.4* in
> /usr/local/src but auto-update is in */var/lib/suricata*. Suricata stops
> running every day instead of updating, and I have to relaunch the
> program manually. It does not have any issues collecting traffic when I
> relaunch.
>
> It fails to locate the binary for Suricata and gives me the error "No
> distribution rule directory found" but has been able to update my
> rulesets in */usr/local/src/suricata-4.0.4/rules*. Do I need to move my
> config file?

This will happen if suricata-update and suricata are installed
separately from each other and have different prefixes. Your best bet is
to tell suricata-update where your suricata is:

    suricata-update --suricata /path/to/suricata

As for Suricata stopping, it doesn't look like you have suricata-update
set up to trigger suricata, so maybe the memory issue the other user
posted could be the cause?

Jason
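
The following wrapper is an added example, not part of the message above and not code from the Suricata project: it resolves the Suricata binary explicitly and passes it with `--suricata`, so a scheduled update does not depend on the two tools sharing a prefix. The function names and the candidate directories (`/usr/local/bin`, `/usr/bin`, `/usr/sbin`) are assumptions; substitute the location your build actually installed to.

```shell
#!/bin/sh
# Added example: cron-style wrapper for suricata-update when Suricata was
# built from source under a different prefix. Paths below are assumptions.

# Print the first regular, executable file named "suricata" found in the
# directories given as arguments; return non-zero if none qualifies.
find_suricata() {
    for dir in "$@"; do
        if [ -f "$dir/suricata" ] && [ -x "$dir/suricata" ]; then
            printf '%s\n' "$dir/suricata"
            return 0
        fi
    done
    return 1
}

# Print the suricata-update invocation for an already resolved binary path.
update_command() {
    printf 'suricata-update --suricata %s\n' "$1"
}

# Do nothing unless called with --apply, so the functions can be inspected
# or sourced without touching the rule set.
if [ "${1:-}" = "--apply" ]; then
    # Assumed candidate prefixes for a source build and a packaged install.
    bin=$(find_suricata /usr/local/bin /usr/bin /usr/sbin) || {
        echo "suricata binary not found; set the path by hand" >&2
        exit 1
    }
    "$bin" -V                           # log which build the rules are for
    suricata-update --suricata "$bin"   # explicit path, as suggested above
fi
```

Run it with `--apply` from the scheduled job; a non-zero exit means the binary was not found and no update was attempted.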