[Oisf-users] suricata-update 1.0.4 appears to ignore the ignore option in the config file ??
Russell Fulton
r.fulton at auckland.ac.nz
Fri May 3 02:17:08 UTC 2019
Resolved by making sure that I had 1.0.5 installed.
I did a bit of diagnostics on the 1.0.4 version. The command line ignore was overriding the config even when the option was not used!
R
> On 1/05/2019, at 5:02 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
> As part of my fiddling around trying to work out what was wrong with my modify rules I installed 1.0.4 (which is what pip gave me). I see 1.0.5 is announced…
>
> I then noticed that I now am seeing lots of alerts that should be ignored and when I went back to rerun the update I realised that my long ignore list in the config file was being ignored!
>
> I fiddled with things and discovered that I could put --ignore on the command line but my list in the config file did not work.
>
> Has the key in the config file changed?
>
> # List of files to ignore. Overrided by the --ignore command line option.
>
> ignore: [ "dshield.rules","voip.rules","tor.rules","mobile_malware.rules","worm.rules","smtp.rules","dos.rules","drop.rules","info.rules","exploit.rules","scan.rules","p2p.rules"… ]
>
>
> Russell
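
The symptom described in this thread (an unused --ignore option still replacing the config file's ignore list) is a common precedence bug in tools that merge command-line arguments over a config file. The sketch below is an added example, not suricata-update's code and not from the original posts; the merge logic, function names, sample file names and glob-style matching are all assumptions, and the thread does not show the actual cause in 1.0.4.

```python
import argparse
import fnmatch

# Constructed config, shaped like the "ignore" key quoted in the post.
CONFIG = {"ignore": ["dshield.rules", "voip.rules", "tor.rules"]}

# Constructed list of rule file names in a downloaded ruleset.
RULE_FILES = ["dshield.rules", "tor.rules", "trojan.rules", "malware.rules"]


def parse_args(argv, default):
    parser = argparse.ArgumentParser()
    parser.add_argument("--ignore", action="append", default=default)
    return parser.parse_args(argv)


def resolve_ignore_buggy(argv, config):
    # Hypothetical faulty merge: the parser default is an empty list, and
    # every parsed argument is copied over the config, so the empty default
    # replaces the config list even when --ignore was never typed.
    merged = dict(config)
    merged.update(vars(parse_args(argv, default=[])))
    return merged["ignore"]


def resolve_ignore_fixed(argv, config):
    # Default of None marks "flag absent"; only then fall back to the config.
    args = parse_args(argv, default=None)
    if args.ignore is not None:
        return args.ignore
    return list(config.get("ignore", []))


def kept_files(files, ignore):
    # Assumption: ignore entries are matched as glob patterns on file names.
    return [f for f in files
            if not any(fnmatch.fnmatch(f, pat) for pat in ignore)]


if __name__ == "__main__":
    for resolve in (resolve_ignore_buggy, resolve_ignore_fixed):
        ignore = resolve([], CONFIG)
        print(resolve.__name__, "->", kept_files(RULE_FILES, ignore))
```

With the faulty merge every rule file is kept, which matches the effect reported above: rules that were meant to be ignored are loaded again and start alerting.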