<Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/local.rules

Hello,
How can I solve this warning?

# suricata -T
18/5/2021 -- 10:20:46 - <Info> - Running suricata under test mode
18/5/2021 -- 10:20:46 - <Notice> - This is Suricata version 5.0.6 RELEASE running in SYSTEM mode
18/5/2021 -- 10:20:54 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /var/lib/suricata/rules/local.rules
#
# cat /var/lib/suricata/rules/local.rules
cat: /var/lib/suricata/rules/local.rules: No such file or directory

Thank you.

Hi,

No rules file exists at that location.
Normally, I place them in /etc/suricata/rules, and you have to indicate it in suricata.yaml.

In /etc/suricata/suricata.yaml:

Best Regards,

1 Like

You need to download, for example, the Emerging Threats ruleset into /var/lib/suricata/rules and then configure suricata.yaml to look for these rules.

Step 1: suricata-update
Step 2: open suricata.yaml and configure the default-rule-path option, like below.

default-rule-path: /var/lib/suricata/rules
rule-files:
  - suricata.rules

1 Like

Thank you so much for the useful information.

2 Likes

Run offline:
sudo suricata -T
Run online:
sudo suricata-update
sudo suricata-update update-sources
sudo suricata-update list-sources
sudo suricata-update add-source et/open
sudo suricata-update enable-source et/open
sudo suricata-update list-enabled-sources
Once done, then offline:
sudo suricata -T -c /etc/suricata/suricata.yaml -v

Version 6 and below: change suricata.yaml
where it points to the rules to
/var/lib/suricata/rules
not
/etc/suricata/rules
This has already been changed in version 7.
Don't worry about the rules already in /etc/suricata/rules,
they are programmed in to load.
Adding any new rules directories will be in
/var/lib/suricata/rules
such as local.rules
Make sure to add it to the suricata.yaml under
  - suricata.rules
  - local.rules
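
A pre-flight check for the situation in this thread, as an added example that is not part of any post above: it reads default-rule-path and rule-files from a suricata.yaml and prints every entry that matches no file, which is the condition behind SC_ERR_NO_RULES. The function names and the temporary demo directory are assumptions of this example, and it assumes relative entries are joined to default-rule-path while absolute ones are used as written.

```shell
#!/bin/sh
# Added example (not from the thread): report rule-files entries that match no file.
# Assumes the flat layout quoted above: top-level "default-rule-path:" and a
# top-level "rule-files:" list of unquoted "- name" items; paths contain no spaces.

rule_dir() {      # print the default-rule-path value
    awk '/^default-rule-path:/ { sub(/^default-rule-path:[ \t]*/, ""); print; exit }' "$1"
}

rule_entries() {  # print one rule-files entry per line
    awk '
        /^rule-files:/           { in_list = 1; next }
        in_list && /^[ \t]*#/    { next }            # commented-out entry
        in_list && /^[ \t]*-/    { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+#.*$/, ""); print; next }
        in_list && /^[^ \t]/     { in_list = 0 }     # next top-level key ends the list
    ' "$1"
}

# Print each pattern that matches no regular file; return 1 if any is missing.
check_rule_files() {
    dir=$(rule_dir "$1")
    entries=$(rule_entries "$1")
    missing=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            /*) pattern=$entry ;;          # absolute path: used as written
            *)  pattern=$dir/$entry ;;     # relative: joined to default-rule-path
        esac
        found=0
        for f in $pattern; do              # unquoted on purpose so a wildcard entry expands
            if [ -f "$f" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "no rule files match: $pattern"
            missing=1
        fi
    done <<EOF
$entries
EOF
    return "$missing"
}

# Constructed demo: suricata.rules exists, local.rules is listed but absent.
demo_dir=$(mktemp -d)
: > "$demo_dir/suricata.rules"
printf 'default-rule-path: %s\nrule-files:\n  - suricata.rules\n  - local.rules\n' \
    "$demo_dir" > "$demo_dir/suricata.yaml"
check_rule_files "$demo_dir/suricata.yaml" || echo "fix the entries above, then run suricata -T"
```

On a real host, call `check_rule_files /etc/suricata/suricata.yaml` and then confirm with `suricata -T`, which remains the authoritative test.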