[Oisf-users] Configuring Suricata Auto Update with Briar IDS
419telegraph298 at protonmail.com
419telegraph298 at protonmail.com
Wed Jan 23 00:35:59 UTC 2019
Thanks Jason, I tried to change the path as you specified and got this:
Traceback (most recent call last):
File "/usr/local/bin/suricata-update", line 33, in <module>
sys.exit(main.main())
File "/usr/local/lib/python2.7/dist-packages/suricata/update/main.py", line 1454, in main
sys.exit(_main())
File "/usr/local/lib/python2.7/dist-packages/suricata/update/main.py", line 1196, in _main
config.init(args)
File "/usr/local/lib/python2.7/dist-packages/suricata/update/config.py", line 202, in init
build_info = suricata.update.engine.get_build_info(_config["suricata"])
File "/usr/local/lib/python2.7/dist-packages/suricata/update/engine.py", line 39, in get_build_info
build_info_output = subprocess.check_output([suricata, "--build-info"])
File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
raise child_exception
OSError: [Errno 13] Permission denied
Sent from ProtonMail, encrypted email based in Switzerland.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, January 21, 2019 10:22 AM, Jason Ish <ish at unx.ca> wrote:
> On 2019-01-19 3:44 p.m., 419telegraph298 at protonmail.com wrote:
>
> > Hey everyone,
> > I recently installed Suricata on a Raspberry Pi 3 using the Briar IDS
> > - https://github.com/musicmancorley/BriarIDS
> > I then attempted to install Suricata-Update, however, and am running
> > into issues, I suspect because Briar installed suricata-4.0.4 in
> > /usr/local/src but auto-update is in /var/lib/suricata. Suricata stops
> > running every day instead of updating, and I have to relaunch the
> > program manually. It does not have any issues collecting traffic when I
> > relaunch.
> > It fails to locate the binary for Suricata and gives me the error "No
> > distribution rule directory found" but has been able to update my
> > rulesets in */usr/local/src/suricata-4.0.4/rules. *Do I need to move my
> > config file?
>
> This will happen if suricata-update and suricata are installed
> separately of each other and have different prefixes. Your best bet is
> to tell suricata-update where your suricata is:
>
> suricata-update --suricata /path/to/suricata
>
> As for Suricata stopping. It doesn't look like you have suricata-update
> setup to trigger suricata, so maybe the memory issue the other user
> posted could be the cause?
>
> Jason
>
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
More information about the Oisf-users
mailing list