Bug #977
Updated by Victor Julien about 11 years ago
Output from the two scenarios (empty rules file enabled/disabled):

<pre>
---DISABLED EMPTY RULES FILE---
me@mybox:~$ suricata -T -l /tmp -c /etc/suricata/suricata.yaml
19/9/2013 -- 22:16:33 - <Info> - Running suricata under test mode
19/9/2013 -- 22:16:33 - <Info> - This is Suricata version 1.4.2 RELEASE
19/9/2013 -- 22:16:33 - <Info> - CPUs/cores online: 1
19/9/2013 -- 22:16:33 - <Info> - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
19/9/2013 -- 22:16:33 - <Info> - preallocated 1000 defrag trackers of size 144
19/9/2013 -- 22:16:33 - <Info> - defrag memory usage: 373376 bytes, maximum: 16777216
19/9/2013 -- 22:16:33 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
19/9/2013 -- 22:16:33 - <Info> - preallocated 10000 packets. Total memory 42580000
19/9/2013 -- 22:16:33 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
19/9/2013 -- 22:16:33 - <Info> - preallocated 1000 hosts of size 120
19/9/2013 -- 22:16:33 - <Info> - host memory usage: 349376 bytes, maximum: 16777216
19/9/2013 -- 22:16:33 - <Info> - allocated 14680064 bytes of memory for the flow hash... 262144 buckets of size 56
19/9/2013 -- 22:16:33 - <Info> - preallocated 40000 flows of size 272
19/9/2013 -- 22:16:33 - <Info> - flow memory usage: 25560064 bytes, maximum: 2147483648
19/9/2013 -- 22:16:33 - <Info> - IP reputation disabled
19/9/2013 -- 22:16:33 - <Info> - using magic-file /usr/share/file/magic
19/9/2013 -- 22:16:33 - <Info> - Delayed detect disabled
19/9/2013 -- 22:16:41 - <Info> - 11 rule files processed. 7446 rules successfully loaded, 0 rules failed
19/9/2013 -- 22:16:46 - <Info> - 7476 signatures processed. 39 are IP-only rules, 2445 are inspecting packet payload, 5906 inspect application layer, 0 are decoder event only
19/9/2013 -- 22:16:46 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
19/9/2013 -- 22:16:47 - <Info> - building signature grouping structure, stage 2: building source address list... complete
19/9/2013 -- 22:16:50 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
19/9/2013 -- 22:16:52 - <Info> - Threshold config parsed: 141 rule(s) found
19/9/2013 -- 22:16:52 - <Info> - Core dump size set to unlimited.
19/9/2013 -- 22:16:52 - <Info> - fast output device (regular) initialized: fast.log
19/9/2013 -- 22:16:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 50 MB
19/9/2013 -- 22:16:52 - <Info> - http-log output device (regular) initialized: http.log
19/9/2013 -- 22:16:52 - <Info> - Configuration provided was successfully loaded. Exiting.
me@mybox:~$
</pre>

<pre>
---ENABLED EMPTY RULES FILE---
me@mybox:~$ suricata -T -l /tmp -c /etc/suricata/suricata.yaml
19/9/2013 -- 22:17:18 - <Info> - Running suricata under test mode
19/9/2013 -- 22:17:18 - <Info> - This is Suricata version 1.4.2 RELEASE
19/9/2013 -- 22:17:18 - <Info> - CPUs/cores online: 1
19/9/2013 -- 22:17:18 - <Info> - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
19/9/2013 -- 22:17:18 - <Info> - preallocated 1000 defrag trackers of size 144
19/9/2013 -- 22:17:18 - <Info> - defrag memory usage: 373376 bytes, maximum: 16777216
19/9/2013 -- 22:17:18 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
19/9/2013 -- 22:17:18 - <Info> - preallocated 10000 packets. Total memory 42580000
19/9/2013 -- 22:17:18 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
19/9/2013 -- 22:17:18 - <Info> - preallocated 1000 hosts of size 120
19/9/2013 -- 22:17:18 - <Info> - host memory usage: 349376 bytes, maximum: 16777216
19/9/2013 -- 22:17:18 - <Info> - allocated 14680064 bytes of memory for the flow hash... 262144 buckets of size 56
19/9/2013 -- 22:17:18 - <Info> - preallocated 40000 flows of size 272
19/9/2013 -- 22:17:18 - <Info> - flow memory usage: 25560064 bytes, maximum: 2147483648
19/9/2013 -- 22:17:18 - <Info> - IP reputation disabled
19/9/2013 -- 22:17:18 - <Info> - using magic-file /usr/share/file/magic
19/9/2013 -- 22:17:18 - <Info> - Delayed detect disabled
19/9/2013 -- 22:17:24 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/temporary-stuff.rules
me@mybox:~$
</pre>

Note that everything stops processing here, no rules loaded (from my other files, the same number of rules should have been loaded). Shouldn't the Warning be non-fatal?
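An added pre-flight check for the failure shown above (not part of the original report and not a Suricata tool): it lists rule files that are missing or contain no active rules, so they can be fixed or disabled before `suricata -T` is run. The function names and the sample file contents are constructed for the example, and it assumes any non-blank line that does not start with `#` is a rule.

```shell
#!/bin/sh
# Hypothetical helper functions; rule file paths are passed as arguments.

count_active_rules() {
    # Print the number of lines in file $1 that are neither blank nor
    # '#' comments. grep -c exits 1 on a zero count, hence '|| true'.
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" || true
}

empty_rule_files() {
    # Print one line per argument that is missing or has no active rules.
    # Returns 0 when every file holds at least one rule, 1 otherwise.
    status=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: missing or unreadable"
            status=1
        elif [ "$(count_active_rules "$f")" -eq 0 ]; then
            echo "$f: no active rules"
            status=1
        fi
    done
    return $status
}

# Constructed sample files: one with comments only, one with a single rule.
demo_dir=$(mktemp -d)
printf '# placeholder, nothing enabled yet\n\n' \
    > "$demo_dir/temporary-stuff.rules"
printf 'alert ip any any -> any any (msg:"constructed sample"; sid:1000001; rev:1;)\n' \
    > "$demo_dir/local.rules"

empty_rule_files "$demo_dir/temporary-stuff.rules" "$demo_dir/local.rules" \
    || echo "fix or disable the files listed above before running suricata -T"
```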