When using suricata-update, it will re-create your classification.config but not at the same location as the suricata.yaml (nor custom.yaml loaded by suricata.yaml) might specify and instead if there is a classification.config in the ‘datadir’, suricata seems to use that.
Suricata-update will use a file (/usr/share/suricata ?) as the source and after digesting the rules output details about a diff/and use higher to re-create classification.config which it puts in the default rules folder, but, I cannot seem to update the source of this file/initial contribution?
What I am doing now is not having suricata-update reload/test, and once the ‘update’ finishes, I copy over the classification.config that I want to have read by suricata, and if it read the old one, I seem to have to restart (not reload) suricata. In this, it seems suricata reload only handles rules files and the suricata.yaml+ files, but no ‘config’ files.
Please let me know where greater undrestanding can be had, thank you for your time!