I am able to make changes to paramaters in suricata.yaml , and the file appears to save properly with the edits (file size changes after initially being saved with the edits), but then the file reverts back to the original form and size again (as if never edited) as soon as suricata is enabled again. I tried many variations of trying to edit this file: making the edits on the desktop, then using scp to transfer to the OPNSense router; making the edits from within the OPNSense shell (ssh) using vi. The edits made to this file just don't stick. Anyone else having this problem? Anyone know what the cause it and how to fix it?
Hi antonym,
The sticky file is:
/usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml
suricata.yaml is supposed to be overwritten in order to keep a coherent configuration.
Cheers,
Franco
Hi Franco
Thank you very much for the instruction, and quick reply. I'll do that next.
Regards
Ant