OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: techadmin on June 28, 2023, 11:35:48 am

Title: Distribute Suricata rule configuration to additional FWs
Post by: techadmin on June 28, 2023, 11:35:48 am
We are using OPNsense + Suricata at several sites and would like to transfer the Suricata rule settings made at the main site to all other sites automatically (e.g. via SSH).

(Specifically, the configuration "Services" -> "Intrusion Detection" -> "Policy" -> "Rule adjustments" in the web interface.)

In /usr/local/etc/suricata/rules.config you will find exactly this information, but it is not sufficient to simply transfer this file to the other FWs via SSH. In the web interface (above path) the configuration from the inserted rules.config is not displayed even after a Suricata service restart.

Is it still necessary to read in the rules.config manually via a Suricata command?