[Oisf-devel] Suricata v0.8.0 and isdataat and relative option: unknown keyword
rmkml
rmkml at free.fr
Sat Jan 2 16:42:02 UTC 2010
Hi,
After some brief testing, I have a new small question about this signature:
alert tcp any any -> any any (msg:"test"; flow:to_server,established; uricontent:"test"; nocase; isdataat:96,relative; sid:987654321; rev:1; )
If I start suricata:
./suricata080beta -c suricata.yaml -r test.pcap --init-errors-fatal
...
[15316] 2/1/2010 -- 21:30:39 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: test.rules
DetectIsdataatSetup: Unknown previous keyword!
OK, this signature is not good for production use (the signature is
simplified to demonstrate the isdataat error), but the error does not
appear on Snort; maybe it's a Suricata bug?
Regards
Rmkml
Crusoe-Researches.com