[Oisf-users] suricata-update appending env stuff to the test command?

Jason Ish jason.ish at oisf.net
Tue May 28 16:44:33 UTC 2019


Hi Russell,

On 2019-05-27 5:05 p.m., Russell Fulton wrote:
> Since I updated my suricata.yaml file for 4.1.4 update has been failing the rule test so rules have not been getting updated.
> 
> 28/5/2019 -- 11:37:17 - <Info> -- Testing with suricata -T.
> 28/5/2019 -- 11:37:17 - <Debug> -- Running /usr/local/bin/suricata -T -l /tmp -c /usr/local/etc/suricata/suricata.yaml -S /usr/local/var/lib/suricata/rules/suricata.rules; env={'SC_LOG_FORMAT': '%t - <%d> -- ', 'SC_LOG_LEVEL': 'Warning', 'ASAN_OPTIONS': 'detect_leaks=0'}
> 28/5/2019 -- 11:37:17 - <Error> -- Suricata test failed, aborting.
> 28/5/2019 -- 11:37:17 - <Error> -- Restoring previous rules.
> sensors at secmonprd11:~$ 
> 
> this is with a new install of 1.0.5 (as well as the original 1.0.0).
> 
> Any idea what is causing suricata-update to append that hash definition to the command line?

So this stuff at the end is just the environment variables the command
is running under, not part of the command itself.  The command is just:

/usr/local/bin/suricata -T -l /tmp \
  -c /usr/local/etc/suricata/suricata.yaml \
  -S /usr/local/var/lib/suricata/rules/suricata.rules

Are you running suricata-update with -v? Usually the reason why Suricata
failed the test is logged.

Jason
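
Added example, not part of the original message and not suricata-update's own code: Python that splits the debug line quoted above into the command and the environment dict, then renders a line for re-running the same test by hand. The function names are hypothetical; the log line is the one from this thread.

```python
import ast
import shlex

# Debug line copied from the log quoted in this thread.
DEBUG_LINE = (
    "28/5/2019 -- 11:37:17 - <Debug> -- Running /usr/local/bin/suricata -T -l /tmp "
    "-c /usr/local/etc/suricata/suricata.yaml "
    "-S /usr/local/var/lib/suricata/rules/suricata.rules; "
    "env={'SC_LOG_FORMAT': '%t - <%d> -- ', 'SC_LOG_LEVEL': 'Warning', "
    "'ASAN_OPTIONS': 'detect_leaks=0'}"
)


def split_debug_line(line):
    """Return (argv, env) from a 'Running <command>; env={...}' debug line."""
    _, _, rest = line.partition("-- Running ")
    if not rest:
        raise ValueError("not a 'Running' debug line")
    command, sep, env_repr = rest.rpartition("; env=")
    if not sep:
        # No environment suffix: the whole remainder is the command.
        return shlex.split(rest), {}
    # The suffix is a Python dict literal; literal_eval parses it without
    # executing anything.
    env = ast.literal_eval(env_repr.strip())
    if not isinstance(env, dict):
        raise ValueError("env suffix is not a dict literal")
    return shlex.split(command), env


def as_shell_command(argv, env):
    """Render a copy-pasteable line that runs argv with the variables set."""
    assignments = [f"{k}={shlex.quote(str(v))}" for k, v in sorted(env.items())]
    return " ".join(["env", *assignments, *(shlex.quote(a) for a in argv)])


if __name__ == "__main__":
    argv, env = split_debug_line(DEBUG_LINE)
    print("argv:", argv)
    print("env :", env)
    print(as_shell_command(argv, env))
```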

