Wednesday, April 06, 2022

Re: path error in suricata package

Moving to ports@openbsd.org, please reply there

On 2022/04/05 10:31, George Pontis wrote:
> OpenBSD 7.0 release for amd64
>
> After installing the suricata 6.0.2 package, the readme provides guidance
> for using suricata-update as follows:
>
> *****
>
> suricata-update
> ---------------
> suricata-update is the recommended way to install and update rules.
> By default it will download the new rules into /var/suricata/rules
>
> Edit /etc/suricata/suricata.yaml and replace the existing default-rule-path
> and rule-files sections with this:
>
> default-rule-path: /var/suricata/rules/
> rule-files:
> - suricata.rules
>
> *****
>
> However, suricata-update is actually coded to put the rules under
> /var/lib/suricata/rules, so the running instance does not see the rules and
> bombs out in a flood of errors.
>

Can you show some more information and the actual error messages?
As far as I can see suricata-update is patched in the port to use the
location directly under /var (VARBASE).

https://github.com/openbsd/ports/blob/master/security/suricata/patches/patch-suricata-update_suricata_update_config_py
https://github.com/openbsd/ports/blob/master/security/suricata/patches/patch-suricata-update_suricata_update_parsers_py
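
A check for the mismatch discussed in this thread, as an added example that is not part of the original messages or of the port: it reads default-rule-path and rule-files from a suricata.yaml and reports any rule file missing from that directory, noting when it exists under /var/lib/suricata/rules instead. The function names and the optional root-prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: verify that the rule files named in suricata.yaml exist
# under its default-rule-path (handles the simple top-level keys only).

# Print the value of default-rule-path from the YAML file in $1.
rule_path() {
    sed -n -e 's/[[:space:]]*$//' \
           -e 's/^default-rule-path:[[:space:]]*//p' "$1" | head -n 1
}

# Print the entries of the rule-files list in $1, one per line.
# Commented-out entries ("# - foo.rules") are skipped.
rule_files() {
    awk '
        /^rule-files:/ { inlist = 1; next }
        inlist && /^[ \t]*-[ \t]*/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, ""); print; next
        }
        inlist && /^[^ \t#]/ { inlist = 0 }   # next top-level key ends the list
    ' "$1"
}

# $1 = suricata.yaml; $2 = optional prefix for checking a staged tree
# (hypothetical convenience, empty for the live system).
# Returns non-zero if any configured rule file is unreadable.
check_rules() {
    conf=$1 root=${2:-}
    dir=$(rule_path "$conf")
    rule_files "$conf" | {
        missing=0
        while IFS= read -r f; do
            case $f in /*) p=$f ;; *) p=${dir%/}/$f ;; esac
            if [ -r "$root$p" ]; then
                echo "ok       $p"
            else
                missing=1
                echo "MISSING  $p"
                # The other location named in the thread.
                alt=/var/lib/suricata/rules/${f##*/}
                if [ -r "$root$alt" ]; then echo "         found instead at $alt"; fi
            fi
        done
        [ "$missing" -eq 0 ]
    }
}

# Usage: pass the configuration file, e.g. /etc/suricata/suricata.yaml
if [ $# -gt 0 ]; then check_rules "$@"; fi
```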
