Support #5369
closedsuricata-update generated classificiation.config leaves whitespace after the comma before severity
Description
Greetings,
I have my suricata configured to drop traffic in ips mode by severity level in classification.config.
While checking the alert dashboard I noticed that some traffic that was classified as severity 2 was passing through with an allow event for wordpress admin urls.
I checked into this and found that classification.config had the following 2 lines:
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: trojan-activity,A Network Trojan was detected, 1
The other lines with no white-space work as expected.
I can fix it manually and reload-rules but each time my system runs suricata-update update it regenerates the file with the aforementioned white space and causes the severity not to be picked up correctly and the traffic is allowed through.
Other lines which work look like the following:
config classification: successful-user,Successful User Privilege Gain,1