Suricata » Suricata-Update

Would it make sense to also have a built-in list of paths to try?

/etc/suricata/suricata.yaml
/usr/local/etc/suricata/suricata.yaml
/etc/suricata/suricata-debian.yaml

etc

Victor Julien wrote:

Would it make sense to also have a built-in list of paths to try?

/etc/suricata/suricata.yaml
/usr/local/etc/suricata/suricata.yaml
/etc/suricata/suricata-debian.yaml

etc

Yes, I think so. That order seems OK as well. However, /etc/suricata/suricata-debian.yaml doesn't seem to be standard. I can't find its usage in Debian using the stock Debian 9 suricata package (3.2.1) or the backport of 4.0.1. So not sure about it being in the defaults.

/etc/suricata/suricata-debian.yaml is standard in Debian Jessie(which is still Supported) but not in Debian Stretch. I would agree to have a built-in list to try for /etc/suricata/suricata.yaml and
/usr/local/etc/suricata/suricata.yaml, but would still implement an option to set the path manually. Just for the user who set suricatas ./configure --prefix= to something different or for Distri-Releases like Jessie.

Yes, the option for setting the conf file is needed. I actually keep mine somewhere else completely.

Having /etc/suricata/suricata-debian.yaml in the default list is fine. Just wasn't aware of its use as a standard location.

I added the changes for multiple default locations for suricata.yaml to my commit