Project

General

Profile

Actions
Copy link

Bug #1417

closed
PM JI

no rules loaded - latest git - rev e250040

Bug #1417: no rules loaded - latest git - rev e250040

Added by Peter Manev about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
High
Assignee:
Jason Ish
Target version:
2.1beta4
Affected Versions:
Effort:
Difficulty:
Label:

Description

After an upgrade from the today's git commits (rev e250040) - no rules (rule files) are loaded from suricata.yaml at all.
This ERR is present instead:

(detect.c:411) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Invalid rule-files configuration section: expected a list of filenames.

However suricata dump config shows that the rule files are specified:

suricata --dump-config -c /etc/suricata/suricata.yaml |grep rule
default-rule-path = /etc/suricata/rules
rule-files = (null)
rule-files.0 = botcc.rules
rule-files.1 = ciarmy.rules
rule-files.2 = compromised.rules
rule-files.3 = drop.rules
rule-files.4 = dshield.rules
rule-files.5 = emerging-activex.rules
rule-files.6 = emerging-attack_response.rules
rule-files.7 = emerging-chat.rules
rule-files.8 = emerging-current_events.rules
rule-files.9 = emerging-dns.rules
rule-files.10 = emerging-dos.rules
rule-files.11 = emerging-exploit.rules
rule-files.12 = emerging-ftp.rules
rule-files.13 = emerging-games.rules
rule-files.14 = emerging-icmp_info.rules
rule-files.15 = emerging-imap.rules
rule-files.16 = emerging-inappropriate.rules
rule-files.17 = emerging-malware.rules
rule-files.18 = emerging-misc.rules
....

JI Updated by Jason Ish about 11 years ago Actions
Copy link
 #1

  • Assignee set to Jason Ish

JI Updated by Jason Ish about 11 years ago Actions
Copy link
 #2

  • Status changed from New to Resolved

Fixed by https://github.com/inliniac/suricata/pull/1380

Sorry, must have missed the updates to conf-yaml-loader.c while committing. Fixed, and added test around setting the node as a sequence node.

I assumed that the pcaps builder was maybe loading some rules files, running some pcaps and verifying some rules fired? Is this not the case? Not sure why assumed this though.

VJ Updated by Victor Julien about 11 years ago Actions
Copy link
 #3

  • Status changed from Resolved to Closed
  • Target version set to 2.1beta4
  • % Done changed from 0 to 100

Merged the PR, thanks guys.

Actions
Copy link

Also available in: PDF Atom