TechQA.

How should I add my rule file to Suricata?

1.4k views Asked by At

I was looking into suricata and I could not understand something about configuration file. As in the documentation we need to add our rule file to the suricata.yaml like this:

default-rule-path: /usr/local/etc/suricata/rules
rule-files:
         - suricata.rules
         - /path/to/local.rules

Should we need write the directory of the local.rules(sample file) ? Or we just keep it as /path/...

Which one is the correct usage? Thanks in advance

security suricata ids
Original Q&A
1

There are 1 answers

0
Jason On

Both are fine. A rule file without a leading / will be loaded relative to the default-rule-path. I will often have a section that looks like:

default-rule-path: /var/lib/suricata/rules
rules-files:
  - suricata.rules
  - /etc/suricata/rules/local.rules

Where suricata.rules is the output of suricata-update. And local.rules is just a rule file I manually update.

Related Questions in SECURITY

Related Questions in SURICATA

Related Questions in IDS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions