<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><font face="arial, helvetica, sans-serif">I am currently running Suricata-4.0.0 with pcre version 8.42. </font></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">I compiled pcre version 8.42 as follows:</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif">./configure --prefix=/usr \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --docdir=/usr/share/doc/pcre-8.42 \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-unicode-properties \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-pcre16 \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-pcre32 \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-pcregrep-libz \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-pcregrep-libbz2 \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --disable-static \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-pcretest-libreadline \</font></span></p>
<p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"> --enable-utf8</font></span></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><font face="arial, helvetica, sans-serif"><br></font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><span style="color:rgb(0,0,0);font-size:11px">...and ran make </span></font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><span style="color:rgb(0,0,0);font-size:11px"><br></span></font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><span style="color:rgb(0,0,0);font-size:11px">Suricata was compiled as follows:</span></font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><span style="color:rgb(0,0,0);font-size:11px"><br></span></font></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif">./configure with_libpcre_includes=/root/suricata-4.0.0/pcre-8.42/ with_libpcre_libraries=/root/suricata-4.0.0/pcre-8.42/.libs/</font></span></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"><br></font></span></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif">...and ran make && make install </font></span></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"><br></font></span></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><font 
color="#000000"><span style="font-size:11px">My goal is to make a rule that matches on the Chinese character: </span></font></font><span style="color:rgb(0,0,0);font-family:Menlo;font-size:11px">投</span></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><span style="color:rgb(0,0,0);font-size:11px">I created a rule that matches on utf-8 characters (i.e. pcre:"/\xe6\x8a\95/") as well as utf-16</span></font></p><p style="margin:0px;line-height:normal"><font face="arial, helvetica, sans-serif"><font color="#000000"><span style="font-size:11px">(i.e. pcre:"/\X{6295}/"). Suricata accepted both rules but neither of them matched the character </span></font></font></p><p style="margin:0px;line-height:normal"><font color="#000000" face="arial, helvetica, sans-serif"><span style="font-size:11px">that I know is in my sample data. Any idea if my PCRE expression is incorrect or if I configured Suricata </span></font></p><p style="margin:0px;line-height:normal"><font color="#000000" face="arial, helvetica, sans-serif"><span style="font-size:11px">incorrectly? Are there other encoding formats that I am missing? 
</span></font></p><p style="margin:0px;line-height:normal"><font color="#000000" face="arial, helvetica, sans-serif"><span style="font-size:11px"><br></span></font></p><p style="margin:0px;line-height:normal"><font color="#000000" face="arial, helvetica, sans-serif"><span style="font-size:11px">Thanks</span></font></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"><br></font></span></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><br></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="arial, helvetica, sans-serif"><br></font></span></p><p style="margin:0px;font-size:11px;line-height:normal;color:rgb(0,0,0)"><br></p></div></div></div></div></div></div></div></div>
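An added example, not part of the original message: it lists the raw byte sequence of U+6295 (投) in several encodings, formats each as a Suricata `content` hex match and as a byte-escaped `pcre` option, and reports which encoding a payload actually carries. The encoding list, the function names and the sample payloads are assumptions constructed for illustration.

```python
# Added example: byte-level view of U+6295 for writing byte-oriented matches.
# The encoding list and the sample payloads below are constructed assumptions.
TARGET = "\u6295"  # the character from the post

# Encodings that commonly carry Chinese text; all are Python stdlib codecs.
ENCODINGS = ["utf-8", "utf-16-le", "utf-16-be", "gb18030", "big5"]


def encoded_forms(ch=TARGET):
    # Map encoding name -> raw bytes of ch in that encoding (no BOM).
    return {enc: ch.encode(enc) for enc in ENCODINGS}


def content_hex(raw):
    # Suricata content keyword with the bytes written in |hex| notation.
    return 'content:"|' + " ".join(f"{b:02x}" for b in raw) + '|";'


def pcre_bytes(raw):
    # pcre option matching the same bytes; every byte gets its own \x prefix.
    return 'pcre:"/' + "".join(f"\\x{b:02x}" for b in raw) + '/";'


def encodings_present(payload, ch=TARGET):
    # Encodings whose byte form of ch occurs somewhere in the payload.
    return [enc for enc, raw in encoded_forms(ch).items() if raw in payload]


if __name__ == "__main__":
    for enc, raw in encoded_forms().items():
        print(f"{enc:10} {content_hex(raw):26} {pcre_bytes(raw)}")

    # Constructed payloads standing in for bytes pulled from a capture.
    samples = {
        "http-utf8": ("q=" + TARGET).encode("utf-8"),
        "smb-utf16le": (TARGET + ".txt").encode("utf-16-le"),
        "legacy-gb": TARGET.encode("gb18030"),
    }
    for name, payload in samples.items():
        print(name, "->", encodings_present(payload) or "no match")
```

Running `encodings_present` over the bytes of the sample data shows which of the generated matches applies to it.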