Does anyone know if it is possible to back up or export all the data for Suricata? After years of tuning rules, I’d like to move them from one device to a new device. I’m using the free ET and free Snort rules, though mostly only the ET rules ever trigger an event.
I see reference to an suricata.xml file in the system config backup, does this file hold what I want?
I saw something that looked like it might have been the ET rules numbers, but it didn’t look like enough of them. I’ll take a closer look and see what I can determine.
If all this fails, I may need to try and sync the rules between both boxes before I completely decommission the old firewall.