Ubuntu. No such directory. [ERRCODE: SC_ERR_NO_RULES(42)]

I just installed Suricata on Ubuntu 18.04 by the command:

apt-get install suricata

Then i got the ERROR:

26/1/2021 – 08:25:02 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/suricata.rules

I don’t have directory /var/lib/suricata/rules/suricata.rules. If this directory existed, I would change the rights to 755. What should I do in this case?


What it says is that you are missing the suricata.rules file. You will have to have that file or any other in that directory and add it to suricata.yaml.

In suricata.yaml is written there:

default-rule-path: /var/lib/suricata/rules


  • suricata.rules

But this directory doesn’t exist.

what is not is suricata.rules. I have the rules in /etc/suricata/rules (if the rules directory is not there, create it), and there you should have the rules.

In suricata.yaml you will have to add the rules in this way:

default-rule-path: /etc/suricata/rules


  • pt-rules.rules
  • protoanomalies.rules

-----------------------end custom

  • files.rules
  • botcc.rules

- botcc.portgrouped.rules

  • ciarmy.rules
  • compromised.rules
  • drop.rules
  • dshield.rules

- emerging-activex.rules

  • emerging-attack_response.rules
  • emerging-chat.rules
  • emerging-current_events.rules
  • emerging-dns.rules
  • emerging-dos.rules
  • emerging-exploit.rules
  • emerging-ftp.rules

- emerging-games.rules

- emerging-icmp_info.rules

- emerging-icmp.rules

  • emerging-imap.rules

- emerging-inappropriate.rules

- emerging-info.rules

To manage and update the rules, you can use suricata-update


1 Like

Thank you for help!
The needed directory and rule were created by this command:

sudo suricata-update

1 Like

Perfect !!! :wink:

With suricata-update you can do many things. Test it.

sudo ./suricata-update --suricata-conf /etc/suricata/suricata6b.yaml -o /etc/suricata/rules6 --no-merge --verbose --force

sudo suricata-update list-sources
sudo suricata-update list-enabled-sources
sudo suricata-update enable-source oisf/trafficid
sudo suricata-update enable-source ptresearch/attackdetection

etc etc …

“”""/etc/suricata/suricata6b.yaml""" “”"/etc/suricata/rules6""" these directories are from my configuration. You will have to put yours.

1 Like