Hey @ish
Thanks so much for your help.
I was being super dumb, thanks for pointing that out… I should wildcard anything in a custom dir not /etc/suricata/rules as I am causing myself DUP errors, and since amending, the config now looks a lot cleaner!
Fixed up my local.rules
```
# ls -halt /var/log/suricata/suricata.log
-rw-r--r-- 1 root root 67K Oct 20 16:50 /var/log/suricata/suricata.log
cat /var/log/suricata/suricata.log | grep "/etc/suricata/rules/local.rules" -B 5 -A 5
20/10/2022 -- 16:55:06 - <Perf> - using shared mpm ctx' for icmpv6.hdr
20/10/2022 -- 16:55:06 - <Perf> - using shared mpm ctx' for ipv4.hdr
20/10/2022 -- 16:55:06 - <Perf> - using shared mpm ctx' for ipv6.hdr
20/10/2022 -- 16:55:06 - <Config> - IP reputation disabled
20/10/2022 -- 16:55:06 - <Config> - Loading rule file: /var/lib/suricata/rules/suricata.rules
20/10/2022 -- 16:55:11 - <Config> - Loading rule file: /etc/suricata/rules/local.rules
20/10/2022 -- 16:55:11 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/ads-ioc-dataset.rules
```
I see no errors, so I assume it loaded and my custom rules were successful.
I am experiencing unrelated issues using bonded interfaces in the thread "Multiple interfaces on the same machine" (#13 by ADudeWhoSurfs).
Therefore, my stats are failing too, which is a pain.
```
# suricatasc -c ruleset-stats /usr/local/var/run/suricata/suricata-command.socket
Unable to connect to socket /usr/local/var/run/suricata/suricata-command.socket: [Errno 2] No such file or directory
```
Also learning a bunch so really appreciate your patience and all of your expertise.
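
Added example, not part of the original post: a small Python check that reads `suricata.log` text in the line format shown above and lists which rule files were loaded and which `<Warning>`/`<Error>` entries (with their `ERRCODE`) appeared. The function name `summarize_rule_loading` is hypothetical, and the embedded sample lines are copied from the log excerpt in this post.

```python
import re

# Log line layout assumed from the excerpt above:
#   DD/MM/YYYY -- HH:MM:SS - <Level> - message
LINE_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2} - <(\w+)> - (.*)$")
ERRCODE_RE = re.compile(r"^\[ERRCODE: (\w+)\((\d+)\)\] - (.*)$")
LOADING = "Loading rule file: "
NO_MATCH = "No rule files match the pattern "

# Sample input: lines taken from the post's own log excerpt.
SAMPLE_LOG = """\
20/10/2022 -- 16:55:06 - <Perf> - using shared mpm ctx' for ipv6.hdr
20/10/2022 -- 16:55:06 - <Config> - IP reputation disabled
20/10/2022 -- 16:55:06 - <Config> - Loading rule file: /var/lib/suricata/rules/suricata.rules
20/10/2022 -- 16:55:11 - <Config> - Loading rule file: /etc/suricata/rules/local.rules
20/10/2022 -- 16:55:11 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/ads-ioc-dataset.rules
"""


def summarize_rule_loading(log_text):
    """Return (loaded_rule_files, problems) parsed from suricata.log text."""
    loaded, problems = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected layout
        level, msg = m.groups()
        if msg.startswith(LOADING):
            loaded.append(msg[len(LOADING):])
        elif level in ("Warning", "Error"):
            e = ERRCODE_RE.match(msg)
            code, text = (e.group(1), e.group(3)) if e else (None, msg)
            # Record the rule-file pattern when the message names one.
            pattern = text[len(NO_MATCH):] if text.startswith(NO_MATCH) else None
            problems.append({"level": level, "code": code,
                             "message": text, "pattern": pattern})
    return loaded, problems


if __name__ == "__main__":
    files, issues = summarize_rule_loading(SAMPLE_LOG)
    for f in files:
        print("loaded :", f)
    for p in issues:
        print(f"{p['level'].lower():7}: {p['code']} {p['pattern'] or p['message']}")
```

To run it against a live log, pass the contents of `/var/log/suricata/suricata.log` to `summarize_rule_loading` instead of `SAMPLE_LOG`.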