[Oisf-users] suricata-update appending env stuff to the test command?

Peter Manev petermanev at gmail.com
Tue May 28 06:47:30 UTC 2019


On Tue, May 28, 2019 at 2:05 AM Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
> Since I updated my suricata.yaml file for 4.1.4 update has been failing the rule test so rules have not been getting updated.
>
> 28/5/2019 -- 11:37:17 - <Info> -- Testing with suricata -T.
> 28/5/2019 -- 11:37:17 - <Debug> -- Running /usr/local/bin/suricata -T -l /tmp -c /usr/local/etc/suricata/suricata.yaml -S /usr/local/var/lib/suricata/rules/suricata.rules; env={'SC_LOG_FORMAT': '%t - <%d> -- ', 'SC_LOG_LEVEL': 'Warning', 'ASAN_OPTIONS': 'detect_leaks=0'}
> 28/5/2019 -- 11:37:17 - <Error> -- Suricata test failed, aborting.
> 28/5/2019 -- 11:37:17 - <Error> -- Restoring previous rules.
> sensors at secmonprd11:~$
>

Hi Russell!
What command do you run to reproduce that? (Can you provide the full
output if more than that is available?)
How did you install/upgrade?
Thanks!

> this is with a new install of 1.0.5 (as well as the original 1.0.0).
>
> Any idea what is causing suricata-update to append that hash definition to the command line?
>
> I also tried explicitly setting the testing command in the yaml.
>
> I am running it with --no-test at the moment but it would be good to have the rules tested before getting loaded.
>
> Russell
>



-- 
Regards,
Peter Manev

