Suricata 6.0.8 Update fails

Help
1

Hi there,

I’m new to Suricata and installed version 6.0.5 some month ago on my MacBook via “brew”. Everything worked fine and I had no issues while updating with brew to version 6.0.6. But with the (two?) new updates to 6.0.8 the suricata-update command doesn’t work anymore. The error is:

> Traceback (most recent call last):
>   File "/usr/local/Cellar/suricata/6.0.8/libexec/bin/suricata-update", line 35, in <module>
>     from suricata.update import main
> ModuleNotFoundError: No module named 'suricata'

I uninstalled it and tried it with a new installation - same result. As I am not (yet :wink:) an expert on Mac OS (coming from Windows), I have really no idea, what I can do, to get the update running again, so any suggestion is appreciated.

Thank you,
Lasse

2

With 6.0.8 we did make some changes with how our Python tools are installed and most packaging systems might need a modification. I’m not really familiar with Brew myself, nor do I have a Mac, but I’ve filed a bug for a recommended fix here: suricata: PYTHONPATH needs updates for 6.0.8 · Issue #112002 · Homebrew/homebrew-core · GitHub

I expect it to be a quick fix for someone who knows what they are doing with Brew.

3

Dear Jason,

Thanks a lot for your answer. According to your fix I changed my suricata-update file:

PYTHONPATH="/usr/local/Cellar/suricata/6.0.8/lib/suricata/python" exec "/usr/local/Cellar/suricata/6.0.8/libexec/bin/suricata-update" "$@"

And now the update works again!
Thank you so much, really appreciate it and all of your work!

Have a nice weekend,
Lasse