[Oisf-users] SOLVED Suricata ignoring disable.conf
James Moe
jimoe at sohnen-moe.com
Sat Nov 2 18:03:03 UTC 2019
On 31/10/2019 2.27 pm, James Moe wrote:
> I decided to disable the SURICATA rules since they do not really impart any
> useful information for our network. I added "re:SURICATA" to <disable.conf> and
> restarted. SURICATA rules are still in effect.
>
> Where should I look to discover why suricata is not heeding the rules?
>
Apparently, when the host was restarted 22 days ago, suricata failed to create
a PID file. Each subsequent request to stop/start/reload failed because the
control script could not find a PID file to know which process to stop.
Hence, suricata had never reloaded the changed rules.
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
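
The failure described in this message (daemon running, no PID file, so stop/start/reload requests never reach it) can be detected with a small check; this is an added example, not part of the original message or of Suricata's own scripts. It is Linux-only because it reads /proc, and the process name and PID file path in the usage comment are assumed values.

```sh
#!/bin/sh
# Added example (Linux only: reads /proc). The process name and PID file
# path passed in are assumptions; use the values from your own install.

# Print the PID of every process whose /proc/PID/comm equals $1.
# comm can differ from the binary's file name, so pass what /proc reports.
pids_by_name() {
    for d in /proc/[0-9]*; do
        [ -r "$d/comm" ] || continue
        { read -r name < "$d/comm"; } 2>/dev/null || continue
        if [ "$name" = "$1" ]; then echo "${d#/proc/}"; fi
    done
    return 0
}

# Classify how the running daemon relates to its PID file.
#   $1 = process name, $2 = PID file path
# Prints one of:
#   OK        PID file names a running instance
#   ORPHANED  daemon running, PID file missing or empty (the case above)
#   MISMATCH  daemon running, PID file names some other PID
#   STALE     PID file present, daemon not running
#   STOPPED   no daemon, no PID file
pidfile_state() {
    running=$(pids_by_name "$1")
    if [ ! -s "$2" ]; then
        if [ -n "$running" ]; then echo ORPHANED; else echo STOPPED; fi
        return 0
    fi
    read -r pid < "$2" || true   # keep the value even without a trailing newline
    for p in $running; do
        if [ "$p" = "$pid" ]; then echo OK; return 0; fi
    done
    if [ -n "$running" ]; then echo MISMATCH; else echo STALE; fi
}

# Usage (hypothetical values):
#   pidfile_state suricata /var/run/suricata.pid
```

Any result other than OK or STOPPED means a reload issued through the control script may not have reached the running process, so rule changes such as a new disable.conf entry should not be assumed to be live.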