Bug #2334
closed--output influences cached index location
Description
The -o parameter sets the output directory where rules are written to. Any downloaded file, including the source index is also cached in a directory under this directory, .cache. This can lead to confusing operation.
For example, the user will update their sources:
suricata-update update-sources
This downloads the index to the default location of /var/lib/suricata/rules/.cache/index as the default --output directory of /var/lib/suricata/rules is used.
The user then wants to update their rules, writing the output to an alternate location:
suricata-update -o /etc/suricata/rules
If the user had enabled et/pro, the index is going to be looked for in /etc/suricata/rules/.cache, not where it is.
One solution is to use -o /etc/suricata/rules when running update-source.
The real issue here is that update-sources reuses the cache directory, and the cache directory was initially under the rules directory to limit the number of directories to deal with permissions on. Now that we use /var/lib/suricata/update, we can put the cache in there as well. Then leave --output strictly as an option to influence the output, and not the cache.
A --state-dir parameter could also be useful to change the default or /var/lib/suricata to something else.
Updated by Jason Ish almost 7 years ago
- Status changed from Assigned to Closed
- Target version set to 1.0.0b1