Hi,
I want to start again by saying thank you for this wonderful distribution.
I configured my Suricata to enable and send EVE logs in JSON format to a remote syslog server, where a Promtail container runs and sends all info to Loki for viewing using this Grafana dashboard. As the topic title says, I recently updated to Core 194 and it overwrote all the changes I made to suricata.yaml.
No love lost here, as the config is in my Gitea instance, but it begs the question: how to retain changes made to the Suricata configuration? There is a /var/lib/suricata/local.rules which I use for custom rulesets, but I see no mention in the IPFire documentation regarding where to put custom Suricata config so that it doesn't get overwritten by an upgrade.
EDIT: Forgot to mention that I thought about adding an include: /var/lib/suricata/custom.yaml, but that include line will also get overwritten by a Suricata upgrade.