[Oisf-users] suricata-update appending env stuff to the test command?

Russell Fulton r.fulton at auckland.ac.nz
Tue May 28 00:05:25 UTC 2019


Since I updated my suricata.yaml file for 4.1.4, update has been failing the rule test, so rules have not been getting updated.

28/5/2019 -- 11:37:17 - <Info> -- Testing with suricata -T.
28/5/2019 -- 11:37:17 - <Debug> -- Running /usr/local/bin/suricata -T -l /tmp -c /usr/local/etc/suricata/suricata.yaml -S /usr/local/var/lib/suricata/rules/suricata.rules; env={'SC_LOG_FORMAT': '%t - <%d> -- ', 'SC_LOG_LEVEL': 'Warning', 'ASAN_OPTIONS': 'detect_leaks=0'}
28/5/2019 -- 11:37:17 - <Error> -- Suricata test failed, aborting.
28/5/2019 -- 11:37:17 - <Error> -- Restoring previous rules.
sensors at secmonprd11:~$ 

This is with a new install of 1.0.5 (as well as the original 1.0.0).

Any idea what is causing suricata-update to append that hash definition to the command line?

I also tried explicitly setting the testing command in the yaml.

I am running it with --no-test at the moment, but it would be good to have the rules tested before getting loaded.

Russell


