[Oisf-devel] {7} suricata v0.8.0 pcre error

rmkml rmkml at free.fr
Tue Jan 5 05:03:34 UTC 2010


Hi,
During my test, I have a pcre error with this signature:
  alert tcp any any -> any any (msg:"test7"; pcre:"/\\/"; classtype:policy-violation; sid:987654321; rev:1;)
It's a simplified signature to demonstrate the pcre error (this signature works with Snort).
suricata error:
[3834] 5/1/2010 -- 09:58:46 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: test.rules
[3834] 5/1/2010 -- 09:58:46 - (detect-parse.c:811) <Error> (SigInitReal) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(19)] - Signature init failed "alert tcp any any -> any any (msg:"test7"; pcre:"/\\/"; classtype:policy-violation; sid:987654321; rev:1;)
suricata cmd line starting:
  ./suricata080beta -c suricata.yaml -r test.pcap --init-errors-fatal
If I replace "\\" with "\x7C", it works.
Regards
Rmkml
Crusoe-Researches.com


