Here is sample update.yaml file, when i change line disable-conf:/etc/suricata/disable.conf to disable-conf:/path/to/sample.conf => Is Not Working. How i can modify this file to apply new cusotmize disable/enable config file with suricata-update
Can you explain how its not working?
Does your /path/to/sample.conf exist?
1 - Here is my config in update.yaml.
2 - When i have two file disable.conf and disable_test.conf the update.yaml always using disable.conf
3 - When i change the name of disable.conf to something elsse => Is Working
I create new folder, move .conf and update.yaml from /etc/suricata to it => Is Working
It is most likely the underscore in the filename. Try escaping or quoting the filename or using something like “disable.test.conf” as the filename.
This could be a bug. It might be preferring the existence of /etc/suricata/disable.conf over what is supplied in /etc/suricata/update.yaml. If this is the case, adding the command line option --disable-conf /path/to/disable.conf should override, and I’ll be looking further into this.