    # Set the default rule path here to search for the files.
    # if not set, it will look at the current working dir
    default-rule-path: /usr/local/etc/suricata/rules
    rule-files:
     - botcc.rules
     - ciarmy.rules
     - compromised.rules
     - drop.rules
     - dshield.rules
     - emerging-activex.rules
     - emerging-attack_response.rules
     - emerging-chat.rules
     - emerging-current_events.rules
     - emerging-dns.rules
     - emerging-dos.rules
     - emerging-exploit.rules
     - emerging-ftp.rules
     - emerging-games.rules
     - emerging-icmp_info.rules
     - emerging-icmp.rules
     - emerging-imap.rules
     - emerging-inappropriate.rules
     - emerging-malware.rules
    ..... output truncated...

The default rules directory is not the same as the one I am using. I need to change it in order to utilize the rules in my own directory, /etc/suricata/rules.

I changed the config to:

    # Set the default rule path here to search for the files.
    # if not set, it will look at the current working dir
    default-rule-path: /etc/suricata/rules
    .... output truncated

Restart Suricata:

    sudo suricata -c /etc/suricata/suricata.yaml -i eth0 -D
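
A changed default-rule-path only helps if every entry under rule-files actually exists in the new directory, so it is worth checking that before the restart. The script below is an added example, not part of the original post: the function names are hypothetical, the sample config is constructed, and it assumes the flat YAML layout shown above and that absolute entries in rule-files are used as-is.

```shell
#!/bin/sh
# Added example: list rule files named in suricata.yaml that are missing
# from default-rule-path. Handles only the flat layout shown on this page.

# Print the default-rule-path value from the given YAML file.
rule_path() {
    awk '/^[[:space:]]*default-rule-path:/ { print $2; exit }' "$1"
}

# Print the entries of the rule-files list, one per line.
rule_files() {
    awk '
        /^[[:space:]]*rule-files:/ { in_list = 1; next }
        in_list && /^[[:space:]]*#/ { next }        # commented-out rule file
        in_list && /^[[:space:]]*-[[:space:]]/ { print $2; next }
        in_list && /^[[:space:]]*$/ { next }        # blank line inside the list
        in_list { exit }                            # next key ends the list
    ' "$1"
}

# Print each listed rule file that is not readable.
# Returns 0 when all are present, 1 otherwise.
missing_rule_files() {
    dir=$(rule_path "$1")
    status=0
    for f in $(rule_files "$1"); do
        # Assumption: absolute entries are used as-is, others are relative
        # to default-rule-path.
        case $f in /*) p=$f ;; *) p=$dir/$f ;; esac
        [ -r "$p" ] || { echo "$p"; status=1; }
    done
    return $status
}

# Constructed sample: the config lists two rule files, the directory holds one.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/rules" && : > "$tmp/rules/botcc.rules"
    printf 'default-rule-path: %s\nrule-files:\n - botcc.rules\n - drop.rules\n' \
        "$tmp/rules" > "$tmp/suricata.yaml"
    missing_rule_files "$tmp/suricata.yaml"   # prints the path of drop.rules
    rm -rf "$tmp"
}
demo
```

On the real system, call `missing_rule_files /etc/suricata/suricata.yaml`. Running `suricata -T -c /etc/suricata/suricata.yaml` afterwards has Suricata itself test the configuration before the daemon is restarted.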