[Oisf-users] SOLVED Suricata ignoring disable.conf

James Moe jimoe at sohnen-moe.com
Sat Nov 2 18:03:03 UTC 2019

On 31/10/2019 2.27 pm, James Moe wrote:

>   I decided to disable the SURICATA rules since they do not really impart any
> useful information for our network. I added "re:SURICATA" to <disable.conf> and
> restarted. SURICATA rules are still in effect.
>   Where should I look to discover why suricata is not heeding the rules?
  Apparently, when the host was restarted 22 days ago, suricata failed to create
a PID file. Each subsequent request to stop/start/reload failed because the
control script could not find a PID file to know which process to stop.
  Hence, suricata had never reloaded the changed rules.

James Moe
moe dot james at sohnen-moe dot com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20191102/97e8be77/attachment.sig>

More information about the Oisf-users mailing list