[Oisf-devel] Suricata v0.8.0 and pcre unknown regex modifier '/' error
rmkml
rmkml at free.fr
Sat Jan 2 14:06:22 UTC 2010
Hi,
After small testing, I have a small question with this signature:
alert tcp any any -> any any (msg:"test"; pcre:!"/MODE/m"; sid:987654321; rev:1;)
If I start suricata:
./suricata080beta -c suricata.yaml -r test.pcap --init-errors-fatal
...
[14876] 2/1/2010 -- 18:52:58 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /home/test/snort/rules/chat2.rules
DetectPcreParse: unknown regex modifier '/'
[14876] 2/1/2010 -- 18:52:58 - (detect-parse.c:811) <Error> (SigInitReal)
-- [ERRCODE: SC_ERR_INVALID_SIGNATURE(19)] - Signature init failed "alert tcp any any -> any any (msg:"test"; pcre:!"/MODE/m"; sid:987654321; rev:1;)
I have same pb with signature variant:
alert tcp any any -> any any (msg:"test"; pcre:!"/MODE/i"; sid:987654321; rev:1;)
ok this signature it's not good for production use (signature simplified for demonstrated pcre error), but error it's not appear on snort, maybe it's a suricata bug? Regars
Rmkml
Crusoe-Researches.com
More information about the Oisf-devel
mailing list