We are using OPNsense + Suricata at several sites and would like to transfer the Suricata rule settings made at the main site to all other sites automatically (e.g. via SSH).
(specifically the configuration "Services" -> "Intrusion Detection" -> "Policy" -> "Rule adjustments" in the web interface).
In /usr/local/etc/suricata/rules.config you will find exactly this information, but it is not sufficient to simply transfer this file to the other FWs via SSH. In the web interface (above path) the configuration from the inserted rules.config is not displayed even after a Suricata service restart.
Is it still necessary to read in the rules.config manually via a Suricata command?