* [PATCH] suricata: Do not load rules for dnp3 and modbus.
@ 2021-12-16 19:23 Stefan Schantl
2021-12-17 10:17 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Stefan Schantl @ 2021-12-16 19:23 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1270 bytes --]
The parsers for those are disabled in the suricata config so
the rules are not needed, on the contrary they massively will spam
warnings when launching suricate because of the disabled parsers.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
config/suricata/suricata-default-rules.yaml | 2 --
1 file changed, 2 deletions(-)
diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/suricata-default-rules.yaml
index 64493e462..d6c358add 100644
--- a/config/suricata/suricata-default-rules.yaml
+++ b/config/suricata/suricata-default-rules.yaml
@@ -5,13 +5,11 @@
- /usr/share/suricata/rules/app-layer-events.rules
- /usr/share/suricata/rules/decoder-events.rules
- /usr/share/suricata/rules/dhcp-events.rules
- - /usr/share/suricata/rules/dnp3-events.rules
- /usr/share/suricata/rules/dns-events.rules
- /usr/share/suricata/rules/files.rules
- /usr/share/suricata/rules/http-events.rules
- /usr/share/suricata/rules/ipsec-events.rules
- /usr/share/suricata/rules/kerberos-events.rules
- - /usr/share/suricata/rules/modbus-events.rules
- /usr/share/suricata/rules/nfs-events.rules
- /usr/share/suricata/rules/ntp-events.rules
- /usr/share/suricata/rules/smb-events.rules
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] suricata: Do not load rules for dnp3 and modbus.
2021-12-16 19:23 [PATCH] suricata: Do not load rules for dnp3 and modbus Stefan Schantl
@ 2021-12-17 10:17 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2021-12-17 10:17 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1506 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
This makes a lot of sense. Thank you.
> On 16 Dec 2021, at 20:23, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>
> The parsers for those are disabled in the suricata config so
> the rules are not needed, on the contrary they massively will spam
> warnings when launching suricate because of the disabled parsers.
>
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/suricata/suricata-default-rules.yaml | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/config/suricata/suricata-default-rules.yaml b/config/suricata/suricata-default-rules.yaml
> index 64493e462..d6c358add 100644
> --- a/config/suricata/suricata-default-rules.yaml
> +++ b/config/suricata/suricata-default-rules.yaml
> @@ -5,13 +5,11 @@
> - /usr/share/suricata/rules/app-layer-events.rules
> - /usr/share/suricata/rules/decoder-events.rules
> - /usr/share/suricata/rules/dhcp-events.rules
> - - /usr/share/suricata/rules/dnp3-events.rules
> - /usr/share/suricata/rules/dns-events.rules
> - /usr/share/suricata/rules/files.rules
> - /usr/share/suricata/rules/http-events.rules
> - /usr/share/suricata/rules/ipsec-events.rules
> - /usr/share/suricata/rules/kerberos-events.rules
> - - /usr/share/suricata/rules/modbus-events.rules
> - /usr/share/suricata/rules/nfs-events.rules
> - /usr/share/suricata/rules/ntp-events.rules
> - /usr/share/suricata/rules/smb-events.rules
> --
> 2.30.2
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-12-17 10:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-16 19:23 [PATCH] suricata: Do not load rules for dnp3 and modbus Stefan Schantl
2021-12-17 10:17 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox