<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi all, I’m a new Suricata user and subscriber to this listserv. I’ve been a Snort user for a number of years and we’re currently using Snort as our IDS system. A friend suggested that we take a look at Suricata and I happen to have a new
server (hand me down, but new to us) to test it on. The problem that I am running into on either 2.0rc2 or 1.4.7 is that, despite editing all of the appropriate stanzas in suricata.yaml, I’m getting an error indicating that the magic file is failing to load.
I already submitted this as a bug before I found this listserv – see below.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance for any suggestions.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoPlainText">Bug #1148: 1.4.7 will not run on Windows Server 2012 because magic file will not load<o:p></o:p></p>
<p class="MsoPlainText"><a href="https://redmine.openinfosecfoundation.org/issues/1148">https://redmine.openinfosecfoundation.org/issues/1148</a><o:p></o:p></p>
<p class="MsoPlainText">Installed 2.0rc2 and then back-revved to 1.4.7 but I get the same error, despite editing all of the relevant paths in suricata.yaml<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">[ERRCODE: UNKNOWN_ERROR(197)] - magic_load failed: count not find any magic files!<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">The relevant stanza in my suricata.yaml is as follows (and the path is correct):<o:p></o:p></p>
<p class="MsoPlainText">magic-file: D:\Suricata\magic.mgc<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Jason Richardson<span style="font-family:'Arial','sans-serif'"><o:p></o:p></span></p>
<p class="MsoNormal">IT Security Analyst<span style="font-family:'Arial','sans-serif'"><o:p></o:p></span></p>
<p class="MsoNormal">Information Technology Services<span style="font-family:'Arial','sans-serif'"><o:p></o:p></span></p>
<p class="MsoNormal">Bowling Green State University<span style="font-family:'Arial','sans-serif'"><o:p></o:p></span></p>
</div>
</body>
</html>