[Oisf-users] suricata-update warnings

Eric Urban eurban at umn.edu
Wed May 1 16:12:37 UTC 2019


It looks like suricata-update will first check for the existence of
a dist-rule-directory in the config file.  If that doesn't exist, then it
looks for the existence of DEFAULT_DIST_RULE_PATH, which is
/etc/suricata/rules.  If you had distribution rule files available, you
would see info messages like "1/5/2019 -- 10:56:29 - <Info> -- Loading
distribution rule file /etc/suricata/rules/<rule file name>" for each rule
file in that directory.

If you want to get rid of this warning, it looks like you either need to
create an empty /etc/suricata/rules directory or you would need to specify
dist-rule-directory in the config and point it to some directory that
exists but that doesn't have any files in it (maybe /dev/null would be
appropriate?).



-- 
Eric Urban
University Information Security | Office of Information Technology |
it.umn.edu
University of Minnesota | umn.edu
eurban at umn.edu


On Tue, Apr 30, 2019 at 5:28 PM Russell Fulton <r.fulton at auckland.ac.nz>
wrote:

> Hi
>
> I always get this warning from update:
>
> <Warning> -- No distribution rule directory found.
>
> everything works as expected but I can’t figure out what it is looking for.
>
> Since I have a bunch of sensors I pull the rules once and then push them
> out to the sensors and then run update.  i.e. the source is file://
>
> I am trying to get a normal run of my update job to generate *NO* output
> so the cronjob sends mail when something unusual happens so I would like to
> suppress this warning.
>
> Russell
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
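
An added example, not part of the original thread or of suricata-update itself: a preflight check a cron job could run on each sensor, following the lookup order described in the reply above. It assumes dist-rule-directory is a top-level scalar key in the config file whose path is passed in; the function names and the optional second argument (a default override, used for testing) are hypothetical.

```shell
#!/bin/sh
# Added example: does the directory suricata-update is described as looking
# for exist on this host? Silent on success, one line on stderr otherwise.
# Assumption: lookup order as described in the thread (configured
# dist-rule-directory first, then /etc/suricata/rules).

DEFAULT_DIST_RULE_PATH="/etc/suricata/rules"

# Print the value of a top-level "dist-rule-directory:" key, or nothing if
# the file or key is absent. Strips trailing comments and surrounding quotes.
configured_dist_rule_dir() {
    [ -r "$1" ] || return 0
    sed -n 's/^dist-rule-directory:[[:space:]]*//p' "$1" | head -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print the directory that would be consulted: configured value, else default.
# $1 = config file path, $2 = optional default override (hypothetical, for tests).
effective_dist_rule_dir() {
    dir=$(configured_dist_rule_dir "$1")
    printf '%s\n' "${dir:-${2:-$DEFAULT_DIST_RULE_PATH}}"
}

# Return 0 quietly if the path is a directory, 1 if it is missing,
# 2 if it exists but is not a directory (for example a device node).
check_dist_rule_dir() {
    dir=$(effective_dist_rule_dir "$1" "$2")
    if [ -d "$dir" ]; then
        return 0
    fi
    if [ -e "$dir" ]; then
        echo "dist rule path $dir exists but is not a directory" >&2
        return 2
    fi
    echo "dist rule directory $dir is missing; expect the warning" >&2
    return 1
}
```

Because the check prints nothing when the directory is present, it can sit in front of the update command in a cron job without generating mail on a normal run.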