Moving to ports@openbsd.org, please reply there On 2022/04/05 10:31, George Pontis wrote: > OpenBSD 7.0 release for amd64 > > After installing the suricata 6.0.2 package, the readme provides guidance > for using suricata-update as follows: > > ***** > > suricata-update > --------------- > suricata-update is the recommended way to install and update rules. > By default it will download the new rules into /var/suricata/rules > > Edit /etc/suricata/suricata.yaml and replace the existing default-rule-path > and rule-files sections with this: > > default-rule-path: /var/suricata/rules/ > rule-files: > - suricata.rules > > ***** > > However, suricata-update is actually coded to put the rules under > /var/lib/suricata/rules, so the running instance does not see the rules and > bombs out in a flood of errors >
Can you show some more information and the actual error messages? As far as I can see suricata-update is patched in the port to use the location directly under /var (VARBASE). https://github.com/openbsd/ports/blob/master/security/suricata/patches/patch-suricata-update_suricata_update_config_py https://github.com/openbsd/ports/blob/master/security/suricata/patches/patch-suricata-update_suricata_update_parsers_py