<Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/local.rules

Hello,
How can I solve this warning?

# suricata -T
18/5/2021 -- 10:20:46 - <Info> - Running suricata under test mode
18/5/2021 -- 10:20:46 - <Notice> - This is Suricata version 5.0.6 RELEASE running in SYSTEM mode
18/5/2021 -- 10:20:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/local.rules
#
# cat /var/lib/suricata/rules/local.rules
cat: /var/lib/suricata/rules/local.rules: No such file or directory

Thank you.

Hi,

No rules file exists at that location.
Normally, I place them in /etc/suricata/rules, and you have to indicate it in suricata.yaml.

In /etc/suricata/suricata.yaml:

Best Regards,

1 Like

You need to download, for example, the Emerging Threats ruleset into /var/lib/suricata/rules and then configure suricata.yaml to look for these rules.

Step 1: suricata-update
Step 2: open suricata.yaml and configure the default-rule-path option, like below.

default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules

1 Like
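
A pre-flight check for the configuration described in the answer above, as an added example that is not part of the original thread or of Suricata itself: it resolves each rule-files entry against default-rule-path and reports patterns that match no file, the condition behind SC_ERR_NO_RULES. The parser is a hypothetical minimal reader that assumes the simple top-level layout shown above, and the sample config and temporary directory are constructed.

```python
import glob
import os
import re
import tempfile


def parse_rule_config(yaml_text):
    """Read default-rule-path and rule-files; not a general YAML parser (assumption)."""
    default_path, patterns, in_list = None, [], False
    for raw in yaml_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^default-rule-path:\s*(\S+)", line)
        if m:
            default_path, in_list = m.group(1).strip("'\""), False
        elif re.match(r"^rule-files:\s*$", line):
            in_list = True
        elif in_list and re.match(r"^\s*-\s+\S", line):
            patterns.append(line.split("-", 1)[1].strip().strip("'\""))
        elif not line[0].isspace():
            in_list = False  # any other top-level key ends the list
    return default_path, patterns


def check_rule_files(yaml_text):
    """Return {resolved pattern: [matching files]}; an empty list means no rules load."""
    default_path, patterns = parse_rule_config(yaml_text)
    result = {}
    for pat in patterns:
        # Relative entries are joined with default-rule-path; absolute ones are used as-is.
        relative = default_path is not None and not os.path.isabs(pat)
        full = os.path.join(default_path, pat) if relative else pat
        result[full] = sorted(glob.glob(full))
    return result


def demo():
    """Constructed case: suricata.rules exists, local.rules does not."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "suricata.rules"), "w").close()
        cfg = (f"%YAML 1.1\n---\ndefault-rule-path: {d}\n"
               "rule-files:\n  - suricata.rules\n  - local.rules\n")
        found = check_rule_files(cfg)
        return {os.path.basename(p): bool(files) for p, files in found.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'no files match'}")
```
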

Thank you so much for the useful information.

2 Likes