Project

General

Profile

Actions

Bug #977

closed

WARNING on empty rules file is fatal (should not be)

Added by Duane Howard over 11 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Output from the two scenarios (empty rules file enabled/disabled):

---DISABLED EMPTY RULES FILE---
me@mybox:~$ suricata -T -l /tmp -c /etc/suricata/suricata.yaml
19/9/2013 -- 22:16:33 - <Info> - Running suricata under test mode
19/9/2013 -- 22:16:33 - <Info> - This is Suricata version 1.4.2 RELEASE
19/9/2013 -- 22:16:33 - <Info> - CPUs/cores online: 1
19/9/2013 -- 22:16:33 - <Info> - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
19/9/2013 -- 22:16:33 - <Info> - preallocated 1000 defrag trackers of size 144
19/9/2013 -- 22:16:33 - <Info> - defrag memory usage: 373376 bytes, maximum: 16777216
19/9/2013 -- 22:16:33 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
19/9/2013 -- 22:16:33 - <Info> - preallocated 10000 packets. Total memory 42580000
19/9/2013 -- 22:16:33 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
19/9/2013 -- 22:16:33 - <Info> - preallocated 1000 hosts of size 120
19/9/2013 -- 22:16:33 - <Info> - host memory usage: 349376 bytes, maximum: 16777216
19/9/2013 -- 22:16:33 - <Info> - allocated 14680064 bytes of memory for the flow hash... 262144 buckets of size 56
19/9/2013 -- 22:16:33 - <Info> - preallocated 40000 flows of size 272
19/9/2013 -- 22:16:33 - <Info> - flow memory usage: 25560064 bytes, maximum: 2147483648
19/9/2013 -- 22:16:33 - <Info> - IP reputation disabled
19/9/2013 -- 22:16:33 - <Info> - using magic-file /usr/share/file/magic
19/9/2013 -- 22:16:33 - <Info> - Delayed detect disabled
19/9/2013 -- 22:16:41 - <Info> - 11 rule files processed. 7446 rules successfully loaded, 0 rules failed
19/9/2013 -- 22:16:46 - <Info> - 7476 signatures processed. 39 are IP-only rules, 2445 are inspecting packet payload, 5906 inspect application layer, 0 are decoder event only
19/9/2013 -- 22:16:46 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
19/9/2013 -- 22:16:47 - <Info> - building signature grouping structure, stage 2: building source address list... complete
19/9/2013 -- 22:16:50 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
19/9/2013 -- 22:16:52 - <Info> - Threshold config parsed: 141 rule(s) found
19/9/2013 -- 22:16:52 - <Info> - Core dump size set to unlimited.
19/9/2013 -- 22:16:52 - <Info> - fast output device (regular) initialized: fast.log
19/9/2013 -- 22:16:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 50 MB
19/9/2013 -- 22:16:52 - <Info> - http-log output device (regular) initialized: http.log
19/9/2013 -- 22:16:52 - <Info> - Configuration provided was successfully loaded. Exiting.
me@mybox:~$

---ENABLED EMPTY RULES FILE---
me@mybox:~$ suricata -T -l /tmp -c /etc/suricata/suricata.yaml
19/9/2013 -- 22:17:18 - <Info> - Running suricata under test mode
19/9/2013 -- 22:17:18 - <Info> - This is Suricata version 1.4.2 RELEASE
19/9/2013 -- 22:17:18 - <Info> - CPUs/cores online: 1
19/9/2013 -- 22:17:18 - <Info> - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
19/9/2013 -- 22:17:18 - <Info> - preallocated 1000 defrag trackers of size 144
19/9/2013 -- 22:17:18 - <Info> - defrag memory usage: 373376 bytes, maximum: 16777216
19/9/2013 -- 22:17:18 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
19/9/2013 -- 22:17:18 - <Info> - preallocated 10000 packets. Total memory 42580000
19/9/2013 -- 22:17:18 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
19/9/2013 -- 22:17:18 - <Info> - preallocated 1000 hosts of size 120
19/9/2013 -- 22:17:18 - <Info> - host memory usage: 349376 bytes, maximum: 16777216
19/9/2013 -- 22:17:18 - <Info> - allocated 14680064 bytes of memory for the flow hash... 262144 buckets of size 56
19/9/2013 -- 22:17:18 - <Info> - preallocated 40000 flows of size 272
19/9/2013 -- 22:17:18 - <Info> - flow memory usage: 25560064 bytes, maximum: 2147483648
19/9/2013 -- 22:17:18 - <Info> - IP reputation disabled
19/9/2013 -- 22:17:18 - <Info> - using magic-file /usr/share/file/magic
19/9/2013 -- 22:17:18 - <Info> - Delayed detect disabled
19/9/2013 -- 22:17:24 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/temporary-stuff.rules
me@mybox:~$

Note that everything stops processing here, no rules loaded (from my other files, the same number of rules should have been loaded.

Shouldn't the Warning be non-fatal?

Actions

Also available in: Atom PDF