Bug #985
closed
default config generates rule warnings and errors
Description
Hi,
I have installed the current stable version on my system LVCC based Ubuntu 12.04 LTS.
I downloaded and deployed rules from the .gz package. I manually installed emerging-icmp.rules with the goal of eliminating the icmp rules error, but a warning remains.
I was unable to find the virus rules.
Running sudo suricata -c /etc/suricata/suricata.yaml -i eth0
Everything works fine, except the following:
2/10/2013 -- 02:37:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
2/10/2013 -- 02:37:06 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/emerging-virus.rules: No such file or directory.
2/10/2013 -- 02:37:32 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": No such file or directory
If it's not new, please ignore it. I am new to the project so there will be a learning curve, I agree.
Have a good one,
Marc-Andre!
Updated by Victor Julien over 12 years ago
- Subject changed from Suricata version 1.4.6 RELEASE - rules warings and errors to Suricata version 1.4.6 RELEASE - rules warnings and errors
Updated by Victor Julien over 12 years ago
2/10/2013 -- 02:37:05 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/emerging-icmp.rules
Indicates that no rules were loaded. So it's either empty or there were errors. In case of errors they should have been printed above this line.
Updated by Marc-Andre Heroux over 12 years ago
Victor Julien wrote:
[...]
Indicates that no rules were loaded. So it's either empty or there were errors. In case of errors they should have been printed above this line.
I see - in the file emerging-icmp.rules - everything is in comment. I will try to remove a comment and reload Suricata.
What about emerging-virus.rules? Is there a rules file available somewhere on the ftp tree?
Regards,
Marc-Andre
Updated by Victor Julien over 12 years ago
Emerging Threats rules have their origin here: https://rules.emergingthreatspro.com/open/
Updated by Marc-Andre Heroux over 12 years ago
I appreciate the information - I will have a look at it.
In order to update rules, is there an existing linux script to do this automatically? Else, I may create one.
Updated by Peter Manev over 12 years ago
Updated by Victor Julien over 12 years ago
- Target version changed from 1.4.7 to 2.0rc1
Updated by Victor Julien over 12 years ago
- Assignee set to OISF Dev
Updated by Victor Julien about 12 years ago
- Target version changed from 2.0rc1 to 2.0rc2
Updated by Victor Julien about 12 years ago
- Assignee changed from OISF Dev to Victor Julien
Updated by Victor Julien about 12 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Updated default config to disable emerging-icmp.rules, updated the ruleset that is downloaded, so these issues should be gone.
Updated by Victor Julien about 12 years ago
- Tracker changed from Optimization to Bug
- Subject changed from Suricata version 1.4.6 RELEASE - rules warnings and errors to default config generates rule warnings and errors
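The three startup messages in this ticket (a rule file with nothing but comments, a rule file that does not exist, a missing threshold.config) can be checked for before starting Suricata. The script below is an added example, not part of the original thread or of Suricata itself; the function names and the sample tree are constructed, and it assumes rule-file names are passed as arguments rather than parsed from suricata.yaml.

```shell
#!/bin/sh
# Added example (not Suricata code): predict the three startup messages from
# this ticket before launching the engine. Function names are hypothetical.

# Print the number of lines in FILE that are neither blank nor comments.
count_active_rules() {
    grep -Evc '^[[:space:]]*(#|$)' "$1" || true   # grep -c exits 1 on a zero count
}

# Print "missing", "no-active-rules" or "ok" for rule file NAME in DIR.
check_rule_file() {
    if [ ! -r "$1/$2" ]; then
        echo "missing"            # would log SC_ERR_OPENING_RULE_FILE
    elif [ "$(count_active_rules "$1/$2")" -eq 0 ]; then
        echo "no-active-rules"    # would log SC_ERR_NO_RULES
    else
        echo "ok"
    fi
}

# preflight RULE_DIR THRESHOLD_FILE NAME...: report each finding, return the count.
preflight() {
    dir=$1; threshold=$2; shift 2
    problems=0
    for name in "$@"; do
        result=$(check_rule_file "$dir" "$name")
        echo "$result: $dir/$name"
        [ "$result" = "ok" ] || problems=$((problems + 1))
    done
    if [ ! -r "$threshold" ]; then
        echo "missing: $threshold"    # would log SC_ERR_FOPEN
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample tree mirroring the report: one usable file, one file with
# every rule commented out, one file absent, and no threshold.config.
make_sample() {
    d=$(mktemp -d)
    echo 'alert icmp any any -> any any (msg:"constructed sample"; sid:1000001; rev:1;)' > "$d/local.rules"
    printf '# header\n\n#alert icmp any any -> any any (msg:"constructed, disabled"; sid:1000002; rev:1;)\n' > "$d/emerging-icmp.rules"
    echo "$d"
}

sample=$(make_sample)
preflight "$sample" "$sample/threshold.config" local.rules emerging-icmp.rules emerging-virus.rules || echo "findings: $?"
rm -rf "$sample"
```

The count is of active lines, so a rule split across lines with backslash continuations is counted more than once; the zero/non-zero distinction that matters here is unaffected.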