Bug #985

closed

default config generates rule warnings and errors

Added by Marc-Andre Heroux over 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Low
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,
I have installed the current stable version on my system LVCC based Ubuntu 12.04 LTS.
I downloaded and deployed rules from the .gz package. I manually installed emerging-icmp.rules with the goal of eliminating the icmp rules error, but a warning remains.
I was unable to find the virus rules.

Running sudo suricata -c /etc/suricata/suricata.yaml -i eth0

Everything works fine, except the following:

2/10/2013 -- 02:37:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
2/10/2013 -- 02:37:06 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/emerging-virus.rules: No such file or directory.
2/10/2013 -- 02:37:32 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": No such file or directory

If it's not new, please ignore it. I am new to the project so there will be a learning curve, I agree.
Have a good one,
Marc-Andre!


Files

suricata (12.3 KB) suricata startup log Marc-Andre Heroux, 10/02/2013 01:55 AM
Actions #1

Updated by Victor Julien over 10 years ago

  • Subject changed from Suricata version 1.4.6 RELEASE - rules warings and errors to Suricata version 1.4.6 RELEASE - rules warnings and errors
Actions #2

Updated by Victor Julien over 10 years ago

2/10/2013 -- 02:37:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules

Indicates that no rules were loaded. So it's either empty or there were errors. In case of errors they should have been printed above this line.
Actions #3

Updated by Marc-Andre Heroux over 10 years ago

Victor Julien wrote:

[...]
Indicates that no rules were loaded. So it's either empty or there were errors. In case of errors they should have been printed above this line.

I see - in the file emerging-icmp.rules - everything is in comment. I will try to remove a comment and reload Suricata.

What about emerging-virus.rules? Is there a rules file available somewhere on the ftp tree?

Regards,
Marc-Andre
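
The two conditions discussed in this thread (a rule file that cannot be opened, and a rule file in which every line is a comment so no rules load) can both be caught before starting Suricata. The following Python pre-flight check is an added example, not code from the ticket or from the Suricata project; it assumes a stock-style suricata.yaml with top-level `default-rule-path` and `rule-files` keys, uses a minimal line-based parser instead of PyYAML, and builds a constructed rule directory so it runs offline.

```python
"""Pre-flight check for the rule files listed in suricata.yaml.

Reproduces, ahead of startup, the two conditions behind the messages in
this ticket: a rule file that cannot be opened (SC_ERR_OPENING_RULE_FILE)
and a rule file that yields no rules because every line is blank or
commented out (SC_ERR_NO_RULES).  Added example; not Suricata's own code.
"""
import os
import re
import tempfile

# Leading part of an active Suricata rule: action keyword, protocol, then
# the rest of the header.  A line starting with '#' is a comment and will
# not match.
RULE_RE = re.compile(r"^\s*(alert|drop|pass|reject)\s+\S+\s+")


def parse_rule_files(yaml_text):
    """Return (default-rule-path, [rule file names]) from suricata.yaml text.

    Assumption: the keys are top-level and the list uses ' - name' entries,
    as in the stock config.  Commented-out entries ('# - x.rules') are
    skipped, which is how the default config disables a file.
    """
    rule_path = ""
    files = []
    in_list = False
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("default-rule-path:"):
            rule_path = stripped.split(":", 1)[1].strip()
            in_list = False
        elif stripped.startswith("rule-files:"):
            in_list = True
        elif in_list and stripped.startswith("- "):
            files.append(stripped[2:].strip())
        else:
            in_list = False
    return rule_path, files


def count_active_rules(path):
    """Number of non-comment lines that look like rules, or None if unreadable."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return sum(1 for line in fh if RULE_RE.match(line))
    except OSError:
        return None


def check_rule_files(yaml_text):
    """Return a list of (level, filename, message) findings for the config."""
    rule_path, files = parse_rule_files(yaml_text)
    findings = []
    for name in files:
        full = os.path.join(rule_path, name)
        n = count_active_rules(full)
        if n is None:
            findings.append(("error", name, "cannot open rule file"))
        elif n == 0:
            findings.append(("warning", name,
                             "no active rules (all lines blank or commented)"))
    return findings


def demo():
    """Build a constructed rule directory and config, then run the check."""
    with tempfile.TemporaryDirectory() as rules_dir:
        # Constructed sample data: one file whose only rule is commented out,
        # one file with a real rule, and one listed file that does not exist.
        with open(os.path.join(rules_dir, "emerging-icmp.rules"), "w") as fh:
            fh.write('# alert icmp any any -> any any (msg:"commented"; sid:1; rev:1;)\n')
        with open(os.path.join(rules_dir, "local.rules"), "w") as fh:
            fh.write('alert icmp any any -> any any (msg:"ICMP seen"; sid:1000001; rev:1;)\n')
        yaml_text = (
            "default-rule-path: %s\n"
            "rule-files:\n"
            "  - emerging-icmp.rules\n"
            "  - emerging-virus.rules\n"
            "  - local.rules\n"
        ) % rules_dir
        return check_rule_files(yaml_text)


if __name__ == "__main__":
    for level, name, message in demo():
        print("%s: %s: %s" % (level.upper(), name, message))
```

Run against a real installation by feeding `check_rule_files()` the contents of /etc/suricata/suricata.yaml; a "warning" finding is the all-commented case from this thread, and an "error" finding is a listed file that is absent from the rules directory.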

Actions #4

Updated by Victor Julien over 10 years ago

Emerging Threats rules have their origin here: https://rules.emergingthreatspro.com/open/

Actions #5

Updated by Marc-Andre Heroux over 10 years ago

I appreciate the information - I will have a look at it.
In order to update rules, is there an existing linux script to do this automatically? Else, I may create one.

Actions #7

Updated by Victor Julien over 10 years ago

  • Target version changed from 1.4.7 to 2.0rc1
Actions #8

Updated by Victor Julien over 10 years ago

  • Assignee set to OISF Dev
Actions #9

Updated by Victor Julien about 10 years ago

  • Target version changed from 2.0rc1 to 2.0rc2
Actions #10

Updated by Victor Julien about 10 years ago

  • Assignee changed from OISF Dev to Victor Julien
Actions #11

Updated by Victor Julien about 10 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Updated default config to disable emerging-icmp.rules, updated the ruleset that is downloaded, so these issues should be gone.

https://github.com/inliniac/suricata/pull/870

Actions #12

Updated by Victor Julien about 10 years ago

  • Tracker changed from Optimization to Bug
  • Subject changed from Suricata version 1.4.6 RELEASE - rules warnings and errors to default config generates rule warnings and errors