[Oisf-users] Suricata ignoring disable.conf

Jason Ish jason.ish at oisf.net
Fri Nov 1 09:29:06 UTC 2019

Hi James,

On 2019-10-31 10:27 p.m., James Moe wrote:
> Hello,
>    suricata v5.0.0
>    opensuse 15.1
>    I decided to disable the SURICATA rules since they do not really impart any
> useful information for our network. I added "re:SURICATA" to <disable.conf> and
> restarted. SURICATA rules are still in effect.
>    Where should I look to discover why suricata is not heeding the rules?

Did you also re-run suricata-update after modifying disable.conf?

Its a best effort to pick up this file by default, to ensure that it is 
picked up you can add the command line option:

     --disable-conf /path/to/disable.conf

For it to be picked up by default it should be in the same directory 
that Suricata looks for suricata.yaml by default, this will depend on 
how you compiled suricata.

Hope that helps,

More information about the Oisf-users mailing list