[Oisf-users] Suricata ignoring disable.conf
Jason Ish
jason.ish at oisf.net
Fri Nov 1 09:29:06 UTC 2019
Hi James,
On 2019-10-31 10:27 p.m., James Moe wrote:
> Hello,
> suricata v5.0.0
> opensuse 15.1
>
> I decided to disable the SURICATA rules since they do not really impart any
> useful information for our network. I added "re:SURICATA" to <disable.conf> and
> restarted. SURICATA rules are still in effect.
>
> Where should I look to discover why suricata is not heeding the rules?
Did you also re-run suricata-update after modifying disable.conf?
It's a best effort to pick up this file by default. To ensure that it is
picked up, you can add the command line option:

    --disable-conf /path/to/disable.conf

For it to be picked up by default, it should be in the same directory
that Suricata looks for suricata.yaml by default; this will depend on
how you compiled suricata.
Hope that helps,
Jason
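
One way to confirm that a disable.conf took effect after re-running suricata-update is to scan the generated rules file for rules that match a disable entry but are still active. The script below is an added example, not part of the original post and not suricata-update's own code. It assumes disabled rules are written out commented with a leading "#", handles only `re:` and bare-SID entries, and uses hypothetical function names with constructed sample data.

```python
import re

# Constructed disable.conf content: one regex entry and one bare SID.
SAMPLE_DISABLE_CONF = "# constructed example\nre:SURICATA\n9000003\n"

# Constructed rules-file content (SIDs and messages are made up).
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"SURICATA example stream event"; sid:9000001; rev:1;)
# alert ip any any -> any any (msg:"SURICATA example decoder event"; sid:9000002; rev:1;)
alert http any any -> any any (msg:"EXAMPLE policy rule"; sid:9000003; rev:1;)
alert dns any any -> any any (msg:"EXAMPLE unrelated rule"; sid:9000004; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def load_matchers(conf_text):
    """Return (regexes, sids) from disable.conf-style text; other entry kinds are skipped."""
    regexes, sids = [], set()
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("re:"):
            # Assumption: the pattern is searched against the whole rule line, case-sensitively.
            regexes.append(re.compile(line[3:].strip()))
        elif line.isdigit():
            sids.add(int(line))
    return regexes, sids

def still_enabled(rules_text, conf_text):
    """Return SIDs of active rules that a disable entry should have turned off."""
    regexes, sids = load_matchers(conf_text)
    hits = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or a rule already written out as disabled
        m = SID_RE.search(line)
        if m and (int(m.group(1)) in sids or any(r.search(line) for r in regexes)):
            hits.append(int(m.group(1)))
    return hits

if __name__ == "__main__":
    for sid in still_enabled(SAMPLE_RULES, SAMPLE_DISABLE_CONF):
        print("matches disable.conf but still enabled:", sid)
```

An empty result on the real rules file means every rule matched by the checked entries is inactive; any SID reported points to disable.conf not having been read or suricata-update not having been re-run.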