Ubuntu. No such directory. [ERRCODE: SC_ERR_NO_RULES(42)]

Hello,
I just installed Suricata on Ubuntu 18.04 by the command:

apt-get install suricata

Then I got the error:

26/1/2021 – 08:25:02 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules

I don’t have the directory /var/lib/suricata/rules/suricata.rules. If this directory existed, I would change the rights to 755. What should I do in this case?

Hello,

What it says is that you are missing the suricata.rules file. You will have to have that file or any other in that directory and add it to suricata.yaml.

In suricata.yaml it says:

default-rule-path: /var/lib/suricata/rules

rule-files:
  - suricata.rules

But this directory doesn’t exist.

What is missing is suricata.rules. I have the rules in /etc/suricata/rules (if the rules directory is not there, create it), and there you should have the rules.

In suricata.yaml you will have to add the rules in this way:

default-rule-path: /etc/suricata/rules
rule-files:
  # -----------------------custom
  - pt-rules.rules
  - protoanomalies.rules
  # -----------------------end custom
  - files.rules
  - botcc.rules
  - botcc.portgrouped.rules
  - ciarmy.rules
  - compromised.rules
  - drop.rules
  - dshield.rules
  - emerging-activex.rules
  - emerging-attack_response.rules
  - emerging-chat.rules
  - emerging-current_events.rules
  - emerging-dns.rules
  - emerging-dos.rules
  - emerging-exploit.rules
  - emerging-ftp.rules
  - emerging-games.rules
  - emerging-icmp_info.rules
  - emerging-icmp.rules
  - emerging-imap.rules
  - emerging-inappropriate.rules
  - emerging-info.rules

To manage and update the rules, you can use suricata-update.

https://suricata.readthedocs.io/en/suricata-6.0.0/rule-management/suricata-update.html

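The answer above comes down to each `rule-files` entry having to resolve to a file under `default-rule-path`. The shell function below is an added example, not part of the thread or of Suricata: it lists the entries that resolve to nothing. The name `missing_rule_files` and the sample files are hypothetical, and it assumes the flat YAML layout quoted in the thread (unquoted entries, no spaces in paths).

```shell
# Added example (not from the thread). Prints every rule-files entry in a
# suricata.yaml that matches no readable file, the condition behind
# SC_ERR_NO_RULES. Assumes a top-level "default-rule-path:" key and a
# "rule-files:" list of unquoted "- name" items.
missing_rule_files() {
    conf=$1
    # awk prints the rule directory first, then one list entry per line.
    entries=$(awk '
        function clean(s) { sub(/[ \t]*(#.*)?$/, "", s); return s }
        /^default-rule-path:/ { sub(/^default-rule-path:[ \t]*/, ""); dir = clean($0); next }
        /^rule-files:/        { in_list = 1; next }
        in_list && /^[ \t]*(#.*)?$/ { next }   # blank or commented-out entry
        in_list && /^[ \t]*-[ \t]+/ { sub(/^[ \t]*-[ \t]+/, ""); files[++n] = clean($0); next }
        in_list               { in_list = 0 }  # the next key ends the list
        END { print dir; for (i = 1; i <= n; i++) print files[i] }
    ' "$conf")
    dir=$(printf '%s\n' "$entries" | sed -n 1p)
    printf '%s\n' "$entries" | sed 1d | while IFS= read -r f; do
        [ -n "$f" ] || continue
        # Absolute entries are used as-is, relative ones go under the rule dir.
        case $f in /*) pattern=$f ;; *) pattern=$dir/$f ;; esac
        # Unquoted on purpose: an entry may be a glob pattern.
        set -- $pattern
        [ -r "$1" ] || printf '%s\n' "$pattern"
    done
}

# Constructed sample: three active entries, only one of which exists on disk.
demo=$(mktemp -d)
mkdir "$demo/rules"
: > "$demo/rules/suricata.rules"
cat > "$demo/suricata.yaml" <<EOF
default-rule-path: $demo/rules
rule-files:
  - suricata.rules
  # - disabled.rules
  - local.rules   # not created yet
  - emerging-*.rules
EOF
missing_rule_files "$demo/suricata.yaml"
```

Empty output means every listed rule file was found; `suricata -T -c /etc/suricata/suricata.yaml` then runs Suricata's own full configuration test.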

Thank you for the help!
The needed directory and rule were created by this command:

sudo suricata-update


Perfect!!! 😉

With suricata-update you can do many things. Test it.

sudo ./suricata-update --suricata-conf /etc/suricata/suricata6b.yaml -o /etc/suricata/rules6 --no-merge --verbose --force

sudo suricata-update list-sources
sudo suricata-update list-enabled-sources
sudo suricata-update enable-source oisf/trafficid
sudo suricata-update enable-source ptresearch/attackdetection

etc etc …

"/etc/suricata/suricata6b.yaml" and "/etc/suricata/rules6": these directories are from my configuration. You will have to put yours.
