use Suricata-Update managed classification.config
Since Suricata-Update 1.2.0 it can manage the classification.config. By default Suricata won't use this yet.
Updated by Jason Ish over 1 year ago
@Victor Julien Do you think its too late to get this into 7.0 rc?
I'm a little hesitant to just do the simple swap of loading "/var/lib/suricata/rules/classification.config" instead of "/etc/suricata/classification.config". I think we need something a little more fail proof. Like:
- load /var/lib/suricata/rules/classification.config
- load /usr/share/suricata/classification.config (this already exists with 7.0)
- if exists, load /etc/suricata/classification.config replacing existing classifications. This allows users the ability to override priorities and such.
Suricata has enough context to know what to do in the majority of the uses cases that the classification file could be removed from