<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hmmmm, I'm stumped there. We run the same version in QA on suricata for each release and aren't getting that. <div><br></div><div>How many others are you getting?</div><div><br></div><div>Do you have the correct classifications file included?</div><div><br></div><div>What do some of the other errors look like?</div><div><br></div><div>Thanks!</div><div><br></div><div>Matt</div><div><br><div><div>On Jul 11, 2011, at 11:24 AM, Brant Wells wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Hi All,<div><br></div><div>Not sure if this should be posted on the dev list or the users lists, so I thought I'd ask here first...</div><div><br></div><div>I'd like to use the Emerging Threats open rule sets for Suricata. However, when I updated the rules, now when I run Suricata, with --init-errors-fatal, I get</div>
<div><br></div><div><div>[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert udp $EXTERNAL_NET any -> $HOME_NET 514 (msg:"ET DOS Cisco 514 UDP flood DoS"; content:"|25 25 25 25 25 58 58 25 25 25 25 25|"; classtype: attempted-dos; reference:url,<a href="http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml">www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml</a>; reference:url,<a href="http://doc.emergingthreats.net/bin/view/Main/2000010">doc.emergingthreats.net/bin/view/Main/2000010</a>; reference:url,<a href="http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Cisco_514_UDP_DoS">www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Cisco_514_UDP_DoS</a>; sid:2000010; rev:11;)" from file /etc/suricata/rules/emerging-dos.rules at line 54</div>
</div><div><br></div><div>A ton of rule errors like that. How can I find / fix them? I am running 1.1 beta 2 (rev 047b19d) from the git repo...</div><div><br></div><div>See Yas!<br>~Brant</div><div><br></div><div><br></div>
<div><br></div>
_______________________________________________<br>Oisf-users mailing list<br><a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br><a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br></blockquote></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br>----------------------------------------------------<br>Matthew Jonkman</div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><a href="http://Emergingthreats.net">Emergingthreats.net</a><br>Emerging Threats Pro<br>Open Information Security Foundation (OISF)<br>Phone 866-504-2523 x110<br><a href="http://www.emergingthreatspro.com">http://www.emergingthreatspro.com</a><br>http://www.openinfosecfoundation.org<br>----------------------------------------------------<br><br>PGP: http://www.jonkmans.com/mattjonkman.asc<br><br><br></div></span></div></span></div></span></div></span></div></span></div></span></div></span></span>
</div>
<br></div></body></html>