Suricata 7.0.0 Displaying <Warning> -- No distribution rule directory found

Installed suricata on this machine about 2 months ago, everything was fine until their was an ubuntu update but I did not install it as normally when I do this it resets the yml file and resets the network to eth0 and have to spend hours sorting it out. I cannot see this error anywhere on your site, as you can see from the screenshot all rules seem to be loading except for this error I have checked /var/suricata/lib/rules and they are complete so I assume it has something to do with and update as I did not allow updating of suricata.yml.

I have been running suricata for about 2 years without any issues. this machine is running 18.04.6 ESM Ubuntu Pro. without any CIS benchmarks installed.
Could this be an issue with 7.00-rc2 on ubuntu.

Any help here would be greatly appreciated.
Many Thanks

It is a folder location change from Suricata 6 to Suricata 7 (Task #6199: ppa: move Suricata provided rules from /etc/suricata/rules to /usr/share/suricata/rules - Suricata - Open Information Security Foundation), but you should be able to update in about 30 min to 1hr (as soon as it is published in PPA) to a new pkg that fixes the warning you describe.

Hi Peter,
Many many thanks for your very swift reply and solution, It has worked a treat, I have being using suricata for longer than I stated and used the Digital Ocean Help guides to install, just had to make sure the yml file was correctly justified.
I will certainly be using this forum again as I have had a very positive experience and thank you for all your dedicated work to this project.

Thanks for posting and your feedback.
Glad to be of help!

1 Like