[Oisf-users] suricata-update 1.0.4 appears to ignore the ignore option in the config file ??

Russell Fulton r.fulton at auckland.ac.nz
Wed May 1 05:02:09 UTC 2019

As part of my fiddling around trying to work out what was wrong with my modify rules I installed 1.0.4 (which is what pip gave me)   I see 1.0.5 is announced….

I then  noticed that I now am seeing lots of alerts that should be ignored and when I went back to rerun the update I realised that my long ignore list in the config file was being ignored!  

I fiddled with things and discovered that I could put --ignore on the command line but my list in the config file did not work.

Has the key in the config file changed?

# List of files to ignore. Overrided by the --ignore command line option.

ignore: [ "dshield.rules","voip.rules","tor.rules","mobile_malware.rules","worm.rules","smtp.rules","dos.rules","drop.rules","info.rules","exploit.rules","scan.rules",”p2p.rules”… ]


More information about the Oisf-users mailing list