Using the latest Suricata version.
This is part of my suricata.yaml file:
```yaml
datasets:
  allow-absolute-filenames: true
  # Default fallback memcap and hashsize values for datasets in case these
  # were not explicitly defined.
  defaults:
    #memcap: 100 MiB
    #hashsize: 2048
  # Limits for per rule dataset instances to avoid rules using too many
  # resources.
  limits:
    # Max value for per dataset `hashsize` setting
    #single-hashsize: 65536
    # Max combined hashsize values for all datasets.
    #total-hashsizes: 16777216
  rules:
    # Set to true to allow absolute filenames and filenames that use
    # ".." components to reference parent directories in rules that specify
    # their filenames.
    allow-absolute-filenames: true
    # Allow datasets in rules write access for "save" and
    # "state". This is enabled by default, however write access is
    # limited to the data directory.
    allow-write: true
  badurls:
    type: string
    load: /var/lib/suricata/rules/badurls.list
```
My rule syntax:

```
alert dns any any -> any any (msg:"Suspicious DNS query detected"; dns.query; dataset:isset,badurls; sid:1000002; rev:1;)
```

I am not getting any alert. If anyone can help me, that would be good.
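One thing worth checking with a `type: string` dataset is the on-disk format of the list file: Suricata expects every line of a string dataset file to be the base64 encoding of the value, and `dataset:isset` matches only when the whole `dns.query` buffer equals an entry exactly. The following script is an added example, not code from the post or from the Suricata project; it builds a correctly encoded `badurls.list` from plain domain names (constructed sample entries), flags lines that are not valid base64, and mimics the exact-match lookup so you can see which queries would and would not alert. Lower-casing and stripping a trailing dot are this example's own normalisation choices, not something Suricata does for you.

```python
import base64
import binascii

# Constructed sample entries, as an analyst might keep them in plain text.
PLAIN_ENTRIES = ["Malicious.Example.", "bad.example.net", "bad.example.net"]


def normalise(entry):
    """Normalisation chosen for this example: lower-case, no trailing dot."""
    return entry.strip().lower().rstrip(".")


def encode_string_dataset(entries):
    """Return the lines of a Suricata 'string' dataset file.

    Each line is the base64 encoding of one value, which is the format
    Suricata loads for datasets of type: string. Duplicates are dropped.
    """
    lines = []
    seen = set()
    for entry in entries:
        value = normalise(entry)
        if not value or value in seen:
            continue
        seen.add(value)
        lines.append(base64.b64encode(value.encode()).decode())
    return lines


def invalid_lines(lines):
    """Return lines that are not valid base64, e.g. a plain-text list that
    was dropped into a string dataset file by mistake."""
    bad = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            base64.b64decode(line, validate=True)
        except (binascii.Error, ValueError):
            bad.append(line)
    return bad


def decode_string_dataset(lines):
    """Decode the file back into the set of values Suricata would hold."""
    return {base64.b64decode(line.strip()).decode()
            for line in lines if line.strip()}


def isset(dataset, dns_query):
    """Mimic dataset:isset on dns.query: an exact match of the whole buffer.

    A subdomain of a listed name does not match, and neither does a
    different letter case, so normalise queries the same way as entries.
    """
    return normalise(dns_query) in dataset


def write_dataset_file(path, entries):
    lines = encode_string_dataset(entries)
    with open(path, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return lines


if __name__ == "__main__":
    lines = encode_string_dataset(PLAIN_ENTRIES)
    print("encoded file contents:", lines)
    print("plain-text list would be rejected:", invalid_lines(PLAIN_ENTRIES))
    dataset = decode_string_dataset(lines)
    for q in ["malicious.example", "www.malicious.example", "bad.example.net"]:
        print(q, "->", "alert" if isset(dataset, q) else "no alert")
```

Run `invalid_lines()` over the real `badurls.list`: if it returns your domain names, the file is plain text and Suricata will not populate the set with the values you intended. Note that short plain names consisting only of base64 alphabet characters (for example `abcd`) decode without error, so an empty result is a necessary check, not proof that the file is right.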