I checked my system and noticed that Suricata does not work correctly. It will not load its rule set.
Also, when I change the used rule set to Snort, the service “suricata” stops.
I had to start the service via the console with “/etc/init.d/suricata start”.
Also when I change the rule set back to “Emergingthreats.net”.
The log file shows the following lines:
12:04:50 suricata: Signature(s) loaded, Detect thread(s) activated.
12:04:50 suricata: rule reload complete
12:04:49 suricata: [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
12:04:49 suricata: rule reload starting
12:04:49 suricata: all 2 packet processing threads, 2 management threads initialized, engine started.
12:04:49 suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
12:04:49 suricata: This is Suricata version 5.0.6 RELEASE running in SYSTEM mode
12:04:33 suricata: (W-NFQ#1) Verdict: Accepted 676, Dropped 18, Replaced 0
12:04:33 suricata: (W-NFQ#1) Treated: Pkts 694, Bytes 448712, Errors 0
12:04:33 suricata: (W-NFQ#0) Verdict: Accepted 3181, Dropped 10, Replaced 0
12:04:33 suricata: (W-NFQ#0) Treated: Pkts 3191, Bytes 2699560, Errors 0
12:04:32 suricata: Signal Received. Stopping engine.
How can I be sure that the rules are really loaded?