Suricata: use suricata-update for rule management

As a bonus we can now run "suricata-update" using docker-exec, triggering both a rule update and a Suricata rule reload.
2025-07-02 01:27:27 -04:00 · 2020-11-26 18:10:16 +01:00
parent 2ecef8c607
commit 87a27e4f2b
9 changed files with 39 additions and 98 deletions
--- a/docker/suricata/dist/update.yaml
+++ b/docker/suricata/dist/update.yaml
@ -0,0 +1,12 @@
+disable-conf: /etc/suricata/disable.conf
+enable-conf: /etc/suricata/enable.conf
+#drop-conf: /etc/suricata/drop.conf
+modify-conf: /etc/suricata/modify.conf
+
+ignore:
+  - "*deleted.rules"
+  - "dhcp-events.rules"  # DHCP is disabled in suricata.yaml
+  - "files.rules"  # file-store is disabled in suricata.yaml
+
+reload-command: suricatasc -c ruleset-reload-rules
+