Mutzli
Very Senior Member
And with the new suricata.yaml "attack_response.rules" loaded, it's working as well:
I still don't know why my initial setup got screwed up when updating to the latest .yaml configuration.
Code:
suricata -T
28/7/2020 -- 08:55:38 - <Info> - Running suricata under test mode
28/7/2020 -- 08:55:38 - <Info> - Configuration node 'legacy' redefined.
28/7/2020 -- 08:55:38 - <Notice> - This is Suricata version 4.1.8 RELEASE
28/7/2020 -- 08:55:38 - <Info> - CPUs/cores online: 4
28/7/2020 -- 08:55:38 - <Info> - fast output device (regular) initialized: fast.log
28/7/2020 -- 08:55:38 - <Info> - stats output device (regular) initialized: stats.log
28/7/2020 -- 08:55:38 - <Info> - 20 rule files processed. 3110 rules successfully loaded, 0 rules failed
28/7/2020 -- 08:55:38 - <Info> - Threshold config parsed: 0 rule(s) found
28/7/2020 -- 08:55:38 - <Info> - 3110 signatures processed. 224 are IP-only rules, 567 are inspecting packet payload, 2458 inspect application layer, 0 are decoder event only
28/7/2020 -- 08:55:42 - <Notice> - Configuration provided was successfully loaded. Exiting.
28/7/2020 -- 08:55:42 - <Info> - cleaning up signature grouping structure... complete