Note that datasets are an experimental feature in Suricata 5.0.x and that the syntax and functionality subject to change. See https://suricata.readthedocs.io/en/suricata-5.0.4/rules/datasets.html
In Suricata 6.0 and later, datasets are no longer experiemental.
With 5.0.3, you’ll have to either
- Modify the Suricata configuration file
- Or, supply additional configuration information on the command line.
With 2, add --set datasets.domains-ryuk.state=./domains_ryuk64.lst --set datasets.domains-ryuk.type=string to the command line you’re using to start Suricata. Note that domains_ryuk64.lst is the base 64 encoded representation of the plain-text file containing the domains. You can use base64 to generate this file.