Hello,
1- To run Suricata-IDS in IPS mode, the drop.conf file must be created under the /etc/suricata/ directory with the following contents:
re: .2- To enable or disable specific rules, enable.conf and disable.conf files must be created under the /etc/suricata/ directory and the SID or name of the desired rule should be inserted in that file(s).
Does the above steps work in the current version of Suricata-IDS?
Thank you.
Did you try before asking?
Hello,
Thanks again.
Because of some Suricata-IDS problems, I can’t test them. I need to fix the current problems of Suricata-IDS first.
I think you should wait with creating another new topic then. It’s not useful to ask things w/o trying or w/o being able to try the suggestions you may receive.
Hello,
Thank you for your advice.
But, you are a member of Suricata-IDS team, How do you not know?
What you describe is current with our documentation. So you should try first, if you hit an error, then describe the issue.