The Windows Suricata runner fails on per-machine installs of the Zui app because it ignores the BRIM_SURICATA_USER_DIR environment variable and tries to write a Suricata configuration file to its own directory, which isn't writable by a non-Administrator on per-machine installs. Fix by writing the file to BRIM_SURICATA_USER_DIR if specified.
The Windows runner also ignores the rules file that suricataupdater.exe generates at $BRIM_SURICATA_USER_DIR\rules\suricata.rules. Fix by using that file if it exists, falling back to the packaged rules file if it does not.
The Windows Suricata runner fails on per-machine installs of the Zui app because it ignores the BRIM_SURICATA_USER_DIR environment variable and tries to write a Suricata configuration file to its own directory, which isn't writable by a non-Administrator on per-machine installs. Fix by writing the file to BRIM_SURICATA_USER_DIR if specified.
The Windows runner also ignores the rules file that suricataupdater.exe generates at $BRIM_SURICATA_USER_DIR\rules\suricata.rules. Fix by using that file if it exists, falling back to the packaged rules file if it does not.
For brimdata/zui#2715.