[Oisf-users] suricata-update 1.0.4 appears to ignore the ignore option in the config file ??
Russell Fulton
r.fulton at auckland.ac.nz
Wed May 1 05:02:09 UTC 2019
As part of my fiddling around trying to work out what was wrong with my modify rules, I installed 1.0.4 (which is what pip gave me). I see 1.0.5 is announced…
I then noticed that I am now seeing lots of alerts that should be ignored, and when I went back to rerun the update I realised that my long ignore list in the config file was being ignored!
I fiddled with things and discovered that I could put --ignore on the command line but my list in the config file did not work.
Has the key in the config file changed?
# List of files to ignore. Overrided by the --ignore command line option.
ignore: [ "dshield.rules","voip.rules","tor.rules","mobile_malware.rules","worm.rules","smtp.rules","dos.rules","drop.rules","info.rules","exploit.rules","scan.rules",”p2p.rules”… ]
Russell