[OISF/outreachy] Help needed in suricata setup

megha Varshney varshney.megha070 at gmail.com
Tue Mar 19 05:25:50 UTC 2019


Greetings,
Upon entering the command (sudo suricata -c /etc/suricata/suricata.yaml -i wlan0
--init-errors-fatal), I am getting the error below.


[12772] 18/3/2019 -- 22:51:33 - (detect-reference.c:139) <Error>
(DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] -
unknown reference key "url". Supported keys are defined in reference.config
file.  Please have a look at the conf param "reference-config-file"
[12772] 18/3/2019 -- 22:51:33 - (detect-engine-loader.c:184) <Error>
(DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error
parsing signature "alert tcp
[95.216.198.252,95.216.201.161,95.216.203.16,95.216.205.178,95.216.207.115,95.216.209.56,95.216.213.190,95.216.214.140,95.216.216.157,95.216.27.105]
any -> $HOME_NET any (msg:"ET TOR Known Tor Relay/Router (Not Exit) Node
Traffic group 721"; reference:url,
doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit,
track by_src, seconds 60, count 1; classtype:misc-attack;
flowbits:set,ET.TorIP; sid:2523440; rev:3633; metadata:affected_product
Any, attack_target Any, deployment Perimeter, tag TOR, signature_severity
Audit, created_at 2008_12_01, updated_at 2019_03_15;)" from file
/etc/suricata/rules/tor.rules at line 850
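Added example (not part of the original post and not Suricata's own code): the error above says each key used in a rule's reference:<key>,<value> option must be declared in the file named by the "reference-config-file" setting. The Python sketch below parses reference.config-style text and lists enabled rules whose reference key is undeclared; the sample config, sample rules and function names are constructed for illustration.

```python
import re

# reference.config entry format: "config reference: <key> <url-prefix>"
CONFIG_RE = re.compile(r"^\s*config\s+reference\s*:\s*(\S+)\s+\S+")
# Rule option "reference:<key>,<value>;" (spaces after ':' are tolerated)
REF_RE = re.compile(r"\breference\s*:\s*([^,;\s]+)\s*,")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample config: the "url" entry is deliberately missing.
SAMPLE_CONFIG = """\
# constructed sample, not a real reference.config
config reference: bugtraq   http://www.securityfocus.com/bid/
config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name=
"""

# Constructed sample rules (documentation addresses, local sids).
SAMPLE_RULES = """\
# alert tcp any any -> any any (msg:"disabled"; reference:url,example.com/x; sid:1000000;)
alert tcp 192.0.2.1 any -> $HOME_NET any (msg:"constructed A"; reference:url,example.com/doc; sid:1000001; rev:1;)
alert tcp 192.0.2.2 any -> $HOME_NET any (msg:"constructed B"; reference:cve,placeholder; sid:1000002; rev:1;)
"""


def load_reference_keys(config_text):
    """Return the set of reference keys declared in reference.config text."""
    keys = set()
    for line in config_text.splitlines():
        m = CONFIG_RE.match(line)  # comment lines start with '#', so never match
        if m:
            keys.add(m.group(1).lower())  # assumption: keys match case-insensitively
    return keys


def find_unknown_references(rules_text, known_keys):
    """Return (line_number, sid, key) for each enabled rule using an undeclared key."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or disabled rule
        sid_match = SID_RE.search(stripped)
        sid = int(sid_match.group(1)) if sid_match else None
        for key in REF_RE.findall(stripped):
            if key.lower() not in known_keys:
                findings.append((lineno, sid, key))
    return findings


if __name__ == "__main__":
    declared = load_reference_keys(SAMPLE_CONFIG)
    for lineno, sid, key in find_unknown_references(SAMPLE_RULES, declared):
        print(f"line {lineno}: sid {sid} uses undeclared reference key {key!r}")
```

On a real sensor, pass in the contents of the file that "reference-config-file" in suricata.yaml points to, together with the contents of each rule file; an empty or wrong reference.config shows up as every key being reported.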