[Oisf-users] Most rules fail to load
Rich Rumble
richrumble at gmail.com
Sat Jan 2 21:49:56 UTC 2010
I've tried on two seperate Fedora boxes now and run into the same
issue, most rules fail to load from Snort or ET... only 5 rules total,
out of hundreds if not thousands in all 71 rules files. I assume it's
a known issue or " --init-errors-fatal" wouldn't be a arg?
Attached is a complete start from this command on Fedora 12
2.6.31.9-174.fc12.i686
/usr/local/bin/suricata -c suricata.yaml -i eth0 -s test.rule
If it makes a difference I simply made a blank classification.config
file as I have no idea what that file should contain or where to find
a proper one, and commenting out the line in suricata.yaml had no
effect on the error I was recieving for not having one.... I hope it's
just F(edora)12 or me missing a dep or something...
The 5 loaded rules come from these two files...
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info>
(DetectLoadSigFile) -- 2 successfully loaded from file
/etc/suricata/emerging-virus.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:268) <Info>
(DetectLoadSigFile) -- 3 successfully loaded from file
/etc/suricata/emerging-current_events.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:268) <Info>
(DetectLoadSigFile) -- 0 successfully loaded from file test.rule.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:270) <Info>
(DetectLoadSigFile) -- 1 sigs failed to load from file test.rule.
That sig in test.rule is:
alert tcp any any -> $HOME_NET 139:445 (msg:"EXPLOIT Foofus.net
Password dumping, dll injection"; flow:to_server,established;
content:"|6c 00 73 00 72 00 65 00 6d 00 6f 00 72 00 61|";
classtype:suspicious-filename-detect; sid:999999; rev:1;)
-rich
-------------- next part --------------
[root at xinn]# cd /home/xxx/Downloads/suricata-current
[root at xinn suricata-current]# /usr/local/bin/suricata -c suricata.yaml -i eth0 -s test.rule
Warning: Invalid global_log_level assigned by user. Falling back on the default_log_level "Info"
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters. Falling back on default log_format "[%i] %t - (%f:%l) <%d> (%n) -- "
Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console"
[9624] 2/1/2010 -- 16:18:17 - (suricata.c:425) <Info> (main) -- This is Suricata version 0.8.0
[9624] 2/1/2010 -- 16:18:17 - (util-debug.c:1050) <Warning> (SCLogLoadConfig) -- [ERRCODE: SC_UNIMPLEMENTED(56)] - Ignoring unknown logging interface: file
[9624] 2/1/2010 -- 16:18:17 - (suricata.c:583) <Info> (main) -- preallocating packets... packet size 88484
[9624] 2/1/2010 -- 16:18:17 - (suricata.c:597) <Info> (main) -- preallocating packets... done: total memory 4424200
[9624] 2/1/2010 -- 16:18:17 - (flow.c:426) <Info> (FlowInitConfig) -- initializing flow engine...
[9624] 2/1/2010 -- 16:18:17 - (flow.c:468) <Info> (FlowInitConfig) -- allocated 1835008 bytes of memory for the flow hash... 65536 buckets of size 28
[9624] 2/1/2010 -- 16:18:17 - (flow.c:482) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 140
[9624] 2/1/2010 -- 16:18:17 - (flow.c:484) <Info> (FlowInitConfig) -- flow memory usage: 1835008 bytes, maximum: 33554432
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/attack-responses.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/attack-responses.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 15 sigs failed to load from file /etc/suricata/attack-responses.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/attack-responses.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/backdoor.rules
[9624] 2/1/2010 -- 16:18:17 - (detect-depth.c:41) <Error> (DetectDepthSetup) -- [ERRCODE: SC_ERR_DEPTH_MISSING_CONTENT(72)] - depth needs a preceeding content option
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/backdoor.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 690 sigs failed to load from file /etc/suricata/backdoor.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/backdoor.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/bad-traffic.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/bad-traffic.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 6 sigs failed to load from file /etc/suricata/bad-traffic.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/bad-traffic.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/chat.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/chat.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 41 sigs failed to load from file /etc/suricata/chat.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/chat.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/ddos.rules
[9624] 2/1/2010 -- 16:18:17 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'icmp_seq'.
[9624] 2/1/2010 -- 16:18:17 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'icmp_seq'.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/ddos.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 30 sigs failed to load from file /etc/suricata/ddos.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/ddos.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/deleted.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/deleted.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/deleted.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/dns.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/dns.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 22 sigs failed to load from file /etc/suricata/dns.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/dns.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/dos.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/dos.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 18 sigs failed to load from file /etc/suricata/dos.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/dos.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/experimental.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/experimental.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:270) <Info> (DetectLoadSigFile) -- 3 sigs failed to load from file /etc/suricata/experimental.rules.
[9624] 2/1/2010 -- 16:18:17 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/experimental.rules
[9624] 2/1/2010 -- 16:18:17 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/exploit.rules
[9624] 2/1/2010 -- 16:18:17 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'asn1'.
[9624] 2/1/2010 -- 16:18:17 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'asn1'.
DetectPcreParse: unknown regex modifier '/'
DetectPcreParse: unknown regex modifier '/'
DetectPcreParse: unknown regex modifier '/'
[9624] 2/1/2010 -- 16:18:17 - (detect-within.c:52) <Error> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(70)] - within needs two preceeding content options
[9624] 2/1/2010 -- 16:18:17 - (detect-within.c:52) <Error> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(70)] - within needs two preceeding content options
[9624] 2/1/2010 -- 16:18:17 - (detect-within.c:52) <Error> (DetectWithinSetup) -- [ERRCODE: SC_ERR_WITHIN_MISSING_CONTENT(70)] - within needs two preceeding content options
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/exploit.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 209 sigs failed to load from file /etc/suricata/exploit.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/exploit.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/finger.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/finger.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 13 sigs failed to load from file /etc/suricata/finger.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/finger.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/ftp.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/ftp.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 76 sigs failed to load from file /etc/suricata/ftp.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/ftp.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/icmp-info.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/icmp-info.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 93 sigs failed to load from file /etc/suricata/icmp-info.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/icmp-info.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/icmp.rules
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'icmp_seq'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'icmp_seq'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'icmp_seq'.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/icmp.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 22 sigs failed to load from file /etc/suricata/icmp.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/icmp.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/imap.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/imap.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 59 sigs failed to load from file /etc/suricata/imap.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/imap.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/info.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/info.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 5 sigs failed to load from file /etc/suricata/info.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/info.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/local.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/local.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/local.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/misc.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/misc.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 62 sigs failed to load from file /etc/suricata/misc.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/misc.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/multimedia.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/multimedia.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 3 sigs failed to load from file /etc/suricata/multimedia.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/multimedia.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/mysql.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/mysql.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 22 sigs failed to load from file /etc/suricata/mysql.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/mysql.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/netbios.rules
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'dce_opnum'.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/netbios.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 531 sigs failed to load from file /etc/suricata/netbios.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/netbios.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/nntp.rules
DetectPcreParse: unknown regex modifier '/'
[9624] 2/1/2010 -- 16:18:18 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/nntp.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:270) <Info> (DetectLoadSigFile) -- 13 sigs failed to load from file /etc/suricata/nntp.rules.
[9624] 2/1/2010 -- 16:18:18 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/nntp.rules
[9624] 2/1/2010 -- 16:18:18 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/oracle.rules
DetectPcreParse: unknown regex modifier '/'
[9624] 2/1/2010 -- 16:18:19 - (detect-uricontent.c:241) <Error> (DetectUricontentSetup) -- [ERRCODE: SC_ERR_NO_URICONTENT_NEGATION(73)] - uricontent negation is not supported at this time. See bug #31.
[9624] 2/1/2010 -- 16:18:19 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'http_client_body'.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/oracle.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 307 sigs failed to load from file /etc/suricata/oracle.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/oracle.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/other-ids.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/other-ids.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 3 sigs failed to load from file /etc/suricata/other-ids.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/other-ids.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/p2p.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/p2p.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 23 sigs failed to load from file /etc/suricata/p2p.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/p2p.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/policy.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/policy.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 74 sigs failed to load from file /etc/suricata/policy.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/policy.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/pop2.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/pop2.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 2 sigs failed to load from file /etc/suricata/pop2.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/pop2.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/pop3.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/pop3.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 35 sigs failed to load from file /etc/suricata/pop3.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/pop3.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/porn.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/porn.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 21 sigs failed to load from file /etc/suricata/porn.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/porn.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/rpc.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/rpc.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 168 sigs failed to load from file /etc/suricata/rpc.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/rpc.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/rservices.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/rservices.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 13 sigs failed to load from file /etc/suricata/rservices.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/rservices.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/scada.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/scada.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/scada.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/scan.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/scan.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 14 sigs failed to load from file /etc/suricata/scan.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/scan.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/shellcode.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/shellcode.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 25 sigs failed to load from file /etc/suricata/shellcode.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/shellcode.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/smtp.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/smtp.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 90 sigs failed to load from file /etc/suricata/smtp.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/smtp.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/snmp.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/snmp.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 16 sigs failed to load from file /etc/suricata/snmp.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/snmp.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/specific-threats.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/specific-threats.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:270) <Info> (DetectLoadSigFile) -- 31 sigs failed to load from file /etc/suricata/specific-threats.rules.
[9624] 2/1/2010 -- 16:18:19 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/specific-threats.rules
[9624] 2/1/2010 -- 16:18:19 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/spyware-put.rules
[9624] 2/1/2010 -- 16:18:19 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:19 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:19 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:19 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:19 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:20 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:20 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:20 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:20 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:20 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/spyware-put.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 972 sigs failed to load from file /etc/suricata/spyware-put.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/spyware-put.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/sql.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/sql.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 87 sigs failed to load from file /etc/suricata/sql.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/sql.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/telnet.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/telnet.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 19 sigs failed to load from file /etc/suricata/telnet.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/telnet.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/tftp.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/tftp.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 16 sigs failed to load from file /etc/suricata/tftp.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/tftp.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/virus.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/virus.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 6 sigs failed to load from file /etc/suricata/virus.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/virus.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/voip.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/voip.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 46 sigs failed to load from file /etc/suricata/voip.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/voip.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-activex.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-activex.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:270) <Info> (DetectLoadSigFile) -- 587 sigs failed to load from file /etc/suricata/web-activex.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-activex.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-attacks.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-attacks.rules.
[9624] 2/1/2010 -- 16:18:20 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-attacks.rules
[9624] 2/1/2010 -- 16:18:20 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-cgi.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-cgi.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 357 sigs failed to load from file /etc/suricata/web-cgi.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-cgi.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-client.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-client.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 129 sigs failed to load from file /etc/suricata/web-client.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-client.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-coldfusion.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-coldfusion.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 44 sigs failed to load from file /etc/suricata/web-coldfusion.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-coldfusion.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-frontpage.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-frontpage.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 38 sigs failed to load from file /etc/suricata/web-frontpage.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-frontpage.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-iis.rules
[9624] 2/1/2010 -- 16:18:21 - (detect-uricontent.c:241) <Error> (DetectUricontentSetup) -- [ERRCODE: SC_ERR_NO_URICONTENT_NEGATION(73)] - uricontent negation is not supported at this time. See bug #31.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-iis.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 95 sigs failed to load from file /etc/suricata/web-iis.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-iis.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-misc.rules
[9624] 2/1/2010 -- 16:18:21 - (detect-depth.c:41) <Error> (DetectDepthSetup) -- [ERRCODE: SC_ERR_DEPTH_MISSING_CONTENT(72)] - depth needs a preceeding content option
[9624] 2/1/2010 -- 16:18:21 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'http_header'.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-misc.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 369 sigs failed to load from file /etc/suricata/web-misc.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-misc.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/web-php.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/web-php.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 142 sigs failed to load from file /etc/suricata/web-php.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/web-php.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/x11.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/x11.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 2 sigs failed to load from file /etc/suricata/x11.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/x11.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-attack_response.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-attack_response.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 120 sigs failed to load from file /etc/suricata/emerging-attack_response.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-attack_response.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-dos.rules
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-dos.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 30 sigs failed to load from file /etc/suricata/emerging-dos.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-dos.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-exploit.rules
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'fragoffset'.
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-exploit.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 261 sigs failed to load from file /etc/suricata/emerging-exploit.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-exploit.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-game.rules
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-game.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 42 sigs failed to load from file /etc/suricata/emerging-game.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-game.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-inappropriate.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-inappropriate.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 4 sigs failed to load from file /etc/suricata/emerging-inappropriate.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-inappropriate.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-malware.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-malware.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:270) <Info> (DetectLoadSigFile) -- 615 sigs failed to load from file /etc/suricata/emerging-malware.rules.
[9624] 2/1/2010 -- 16:18:21 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-malware.rules
[9624] 2/1/2010 -- 16:18:21 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-p2p.rules
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:21 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-p2p.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:270) <Info> (DetectLoadSigFile) -- 88 sigs failed to load from file /etc/suricata/emerging-p2p.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-p2p.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-policy.rules
DetectPcreParse: unknown regex modifier '/'
DetectPcreParse: unknown regex modifier '/'
[9624] 2/1/2010 -- 16:18:22 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-policy.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:270) <Info> (DetectLoadSigFile) -- 315 sigs failed to load from file /etc/suricata/emerging-policy.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-policy.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-scan.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-scan.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:270) <Info> (DetectLoadSigFile) -- 143 sigs failed to load from file /etc/suricata/emerging-scan.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-scan.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-virus.rules
[9624] 2/1/2010 -- 16:18:22 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:22 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:22 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:22 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'urilen'.
[9624] 2/1/2010 -- 16:18:22 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'urilen'.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info> (DetectLoadSigFile) -- 2 successfully loaded from file /etc/suricata/emerging-virus.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:270) <Info> (DetectLoadSigFile) -- 965 sigs failed to load from file /etc/suricata/emerging-virus.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-voip.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-voip.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:270) <Info> (DetectLoadSigFile) -- 9 sigs failed to load from file /etc/suricata/emerging-voip.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-voip.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-web.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-web.rules.
[9624] 2/1/2010 -- 16:18:22 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-web.rules
[9624] 2/1/2010 -- 16:18:22 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-web_client.rules
[9624] 2/1/2010 -- 16:18:23 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:23 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:23 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-web_client.rules.
[9624] 2/1/2010 -- 16:18:23 - (detect.c:270) <Info> (DetectLoadSigFile) -- 259 sigs failed to load from file /etc/suricata/emerging-web_client.rules.
[9624] 2/1/2010 -- 16:18:23 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-web_client.rules
[9624] 2/1/2010 -- 16:18:23 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-web_server.rules
[9624] 2/1/2010 -- 16:18:23 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:23 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-web_server.rules.
[9624] 2/1/2010 -- 16:18:23 - (detect.c:270) <Info> (DetectLoadSigFile) -- 132 sigs failed to load from file /etc/suricata/emerging-web_server.rules.
[9624] 2/1/2010 -- 16:18:23 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-web_server.rules
[9624] 2/1/2010 -- 16:18:23 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-web_specific_apps.rules
[9624] 2/1/2010 -- 16:18:23 - (detect-parse.c:255) <Error> (SigParseOptions) -- [ERRCODE: SC_RULE_KEYWORD_UNKNOWN(67)] - unknown rule keyword 'http_method'.
[9624] 2/1/2010 -- 16:18:25 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:26 - (detect-offset.c:44) <Error> (DetectOffsetSetup) -- [ERRCODE: SC_ERR_OFFSET_MISSING_CONTENT(71)] - offset needs a preceeding content option
[9624] 2/1/2010 -- 16:18:26 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-web_specific_apps.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:270) <Info> (DetectLoadSigFile) -- 4334 sigs failed to load from file /etc/suricata/emerging-web_specific_apps.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-web_specific_apps.rules
[9624] 2/1/2010 -- 16:18:26 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-user_agents.rules
[9624] 2/1/2010 -- 16:18:26 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file /etc/suricata/emerging-user_agents.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:270) <Info> (DetectLoadSigFile) -- 426 sigs failed to load from file /etc/suricata/emerging-user_agents.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:334) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from /etc/suricata/emerging-user_agents.rules
[9624] 2/1/2010 -- 16:18:26 - (detect.c:327) <Info> (SigLoadSignatures) -- Loading rule file: /etc/suricata/emerging-current_events.rules
[9624] 2/1/2010 -- 16:18:26 - (detect-distance.c:48) <Error> (DetectDistanceSetup) -- [ERRCODE: SC_ERR_DISTANCE_MISSING_CONTENT(69)] - distance needs two preceeding content options
[9624] 2/1/2010 -- 16:18:26 - (detect.c:268) <Info> (DetectLoadSigFile) -- 3 successfully loaded from file /etc/suricata/emerging-current_events.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:270) <Info> (DetectLoadSigFile) -- 167 sigs failed to load from file /etc/suricata/emerging-current_events.rules.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:349) <Info> (SigLoadSignatures) -- Loading rule file: test.rule
[9624] 2/1/2010 -- 16:18:26 - (detect.c:268) <Info> (DetectLoadSigFile) -- 0 successfully loaded from file test.rule.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:270) <Info> (DetectLoadSigFile) -- 1 sigs failed to load from file test.rule.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:355) <Error> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(22)] - No rules loaded from test.rule
[9624] 2/1/2010 -- 16:18:26 - (detect.c:374) <Info> (SigLoadSignatures) -- 5 rules loaded from 71 files.
[9624] 2/1/2010 -- 16:18:26 - (detect-engine-sigorder.c:787) <Info> (SCSigOrderSignatures) -- ordering signatures in memory
SCSigOrderSignatures: Total Signatures to be processed by thesigordering module: 9
[9624] 2/1/2010 -- 16:18:26 - (detect-engine-sigorder.c:828) <Info> (SCSigOrderSignatures) -- total signatures reordered by the sigordering module: 9
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1168) <Info> (SigAddressPrepareStage1) -- 9 signatures processed. 0 are IP-only rules, 9 are inspecting packet payload, 0 inspect application layer
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1170) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... done
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1769) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address lists...
[9624] 2/1/2010 -- 16:18:26 - (detect-engine-iponly.c:237) <Info> (IPOnlyPrint) -- IP ONLY (SRC): 0 /16's in our hash, 0 total address ranges
[9624] 2/1/2010 -- 16:18:26 - (detect-engine-iponly.c:239) <Info> (IPOnlyPrint) -- IP ONLY (DST): 0 /16's in our hash, 0 total address ranges
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1840) <Info> (SigAddressPrepareStage2) -- 9 total signatures:
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1841) <Info> (SigAddressPrepareStage2) -- 9 in ipv4 small group, 9 in rest
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1842) <Info> (SigAddressPrepareStage2) -- 9 in ipv6 small group, 9 in rest
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1843) <Info> (SigAddressPrepareStage2) -- 9 in any small group, 9 in rest
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1845) <Info> (SigAddressPrepareStage2) -- small: 9 in ipv4 toserver group, 0 in toclient
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1847) <Info> (SigAddressPrepareStage2) -- small: 9 in ipv6 toserver group, 0 in toclient
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1849) <Info> (SigAddressPrepareStage2) -- small: 9 in any toserver group, 0 in toclient
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1851) <Info> (SigAddressPrepareStage2) -- big: 9 in ipv4 toserver group, 0 in toclient
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1853) <Info> (SigAddressPrepareStage2) -- big: 9 in ipv6 toserver group, 0 in toclient
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1855) <Info> (SigAddressPrepareStage2) -- big: 9 in any toserver group, 0 in toclient
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1882) <Info> (SigAddressPrepareStage2) -- TCP Source address blocks: any: 2, ipv4: 10, ipv6: 2.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1908) <Info> (SigAddressPrepareStage2) -- UDP Source address blocks: any: 0, ipv4: 0, ipv6: 0.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1934) <Info> (SigAddressPrepareStage2) -- ICMP Source address blocks: any: 0, ipv4: 0, ipv6: 0.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:1938) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... done
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2458) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists...
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2543) <Info> (SigAddressPrepareStage3) -- MPM memory 336093 (dynamic 335933, ctxs 160, avg per ctx 167966)
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2545) <Info> (SigAddressPrepareStage3) -- max sig id 9, array size 2
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2546) <Info> (SigAddressPrepareStage3) -- signature group heads: unique 2, copies 12.
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2548) <Info> (SigAddressPrepareStage3) -- MPM instances: 2 unique, copies 0 (none 0).
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2550) <Info> (SigAddressPrepareStage3) -- MPM (URI) instances: 2 unique, copies 0 (none 0).
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2551) <Info> (SigAddressPrepareStage3) -- MPM max patcnt 7, avg 5
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2553) <Info> (SigAddressPrepareStage3) -- MPM (URI) max patcnt 8, avg 4 (8/2)
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2554) <Info> (SigAddressPrepareStage3) -- port maxgroups: 8, avg 2, tot 44
[9624] 2/1/2010 -- 16:18:26 - (detect.c:2555) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
[9625] 2/1/2010 -- 16:18:26 - (source-pcap.c:175) <Info> (ReceivePcapThreadInit) -- using interface eth0
[9624] 2/1/2010 -- 16:18:27 - (tm-threads.c:1141) <Info> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 3 management threads initialized, engine started.
^C[9624] 2/1/2010 -- 16:19:47 - (suricata.c:677) <Info> (main) -- signal received
[9624] 2/1/2010 -- 16:19:47 - (suricata.c:713) <Info> (main) -- time elapsed 81s
[9625] 2/1/2010 -- 16:19:47 - (source-pcap.c:137) <Info> (ReceivePcap) -- pcap packet reading interrupted
[9625] 2/1/2010 -- 16:19:47 - (source-pcap.c:260) <Info> (ReceivePcapThreadExitStats) -- (ReceivePcap) Packets 1942, bytes 284959
[9627] 2/1/2010 -- 16:19:47 - (stream-tcp.c:2384) <Info> (StreamTcpExitPrintStats) -- (Stream1) Packets 466
[9628] 2/1/2010 -- 16:19:47 - (stream-tcp.c:2384) <Info> (StreamTcpExitPrintStats) -- (Stream2) Packets 21
[9629] 2/1/2010 -- 16:19:47 - (stream-tcp.c:2384) <Info> (StreamTcpExitPrintStats) -- (Stream3) Packets 214
[9630] 2/1/2010 -- 16:19:47 - (stream-tcp.c:2384) <Info> (StreamTcpExitPrintStats) -- (Stream4) Packets 1150
[9631] 2/1/2010 -- 16:19:47 - (detect.c:128) <Info> (DetectExitPrintStats) -- (Detect1) (1byte) Pkts 535, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:134) <Info> (DetectExitPrintStats) -- (Detect1) (2byte) Pkts 535, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:140) <Info> (DetectExitPrintStats) -- (Detect1) (3byte) Pkts 535, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:146) <Info> (DetectExitPrintStats) -- (Detect1) (4byte) Pkts 535, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:152) <Info> (DetectExitPrintStats) -- (Detect1) (+byte) Pkts 535, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:159) <Info> (DetectExitPrintStats) -- (Detect1) URI (1byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:165) <Info> (DetectExitPrintStats) -- (Detect1) URI (2byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:171) <Info> (DetectExitPrintStats) -- (Detect1) URI (3byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:177) <Info> (DetectExitPrintStats) -- (Detect1) URI (4byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9631] 2/1/2010 -- 16:19:47 - (detect.c:183) <Info> (DetectExitPrintStats) -- (Detect1) URI (+byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:128) <Info> (DetectExitPrintStats) -- (Detect2) (1byte) Pkts 1407, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:134) <Info> (DetectExitPrintStats) -- (Detect2) (2byte) Pkts 1407, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:140) <Info> (DetectExitPrintStats) -- (Detect2) (3byte) Pkts 1407, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:146) <Info> (DetectExitPrintStats) -- (Detect2) (4byte) Pkts 1407, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:152) <Info> (DetectExitPrintStats) -- (Detect2) (+byte) Pkts 1407, Scanned 0 (0.0), Searched 0 (0.0): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:159) <Info> (DetectExitPrintStats) -- (Detect2) URI (1byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:165) <Info> (DetectExitPrintStats) -- (Detect2) URI (2byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:171) <Info> (DetectExitPrintStats) -- (Detect2) URI (3byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:177) <Info> (DetectExitPrintStats) -- (Detect2) URI (4byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9632] 2/1/2010 -- 16:19:47 - (detect.c:183) <Info> (DetectExitPrintStats) -- (Detect2) URI (+byte) Uri's 0, Scanned 0 (-nan), Searched 0 (-nan): -nan%.
[9634] 2/1/2010 -- 16:19:47 - (alert-fastlog.c:200) <Info> (AlertFastlogExitPrintStats) -- (AlertFastlog&Httplog) Alerts 0
[9634] 2/1/2010 -- 16:19:47 - (log-httplog.c:218) <Info> (LogHttplogExitPrintStats) -- (AlertFastlog&Httplog) HTTP requests 0
[9637] 2/1/2010 -- 16:19:47 - (alert-debuglog.c:228) <Info> (AlertDebuglogExitPrintStats) -- (AlertDebuglog) Alerts 0
[9638] 2/1/2010 -- 16:19:47 - (flow.c:662) <Info> (FlowManagerThread) -- 2 new flows, 0 established flows were timed out
[9624] 2/1/2010 -- 16:19:47 - (flow.c:496) <Info> (FlowPrintQueueInfo) -- flow queue info:
[9624] 2/1/2010 -- 16:19:47 - (flow.c:497) <Info> (FlowPrintQueueInfo) -- spare flow queue 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:499) <Info> (FlowPrintQueueInfo) -- flow_spare_q.dbg_maxlen 10001
[9624] 2/1/2010 -- 16:19:47 - (flow.c:510) <Info> (FlowPrintQueueInfo) -- proto [0] new flow queue 0 - flow_new_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:520) <Info> (FlowPrintQueueInfo) -- proto [0] establised flow queue 0 - flow_est_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:530) <Info> (FlowPrintQueueInfo) -- proto [0] closing flow queue 0 - flow_closing_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:510) <Info> (FlowPrintQueueInfo) -- proto [1] new flow queue 0 - flow_new_q.dbg_maxlen 5
[9624] 2/1/2010 -- 16:19:47 - (flow.c:520) <Info> (FlowPrintQueueInfo) -- proto [1] establised flow queue 0 - flow_est_q.dbg_maxlen 11
[9624] 2/1/2010 -- 16:19:47 - (flow.c:530) <Info> (FlowPrintQueueInfo) -- proto [1] closing flow queue 0 - flow_closing_q.dbg_maxlen 15
[9624] 2/1/2010 -- 16:19:47 - (flow.c:510) <Info> (FlowPrintQueueInfo) -- proto [2] new flow queue 0 - flow_new_q.dbg_maxlen 3
[9624] 2/1/2010 -- 16:19:47 - (flow.c:520) <Info> (FlowPrintQueueInfo) -- proto [2] establised flow queue 0 - flow_est_q.dbg_maxlen 6
[9624] 2/1/2010 -- 16:19:47 - (flow.c:530) <Info> (FlowPrintQueueInfo) -- proto [2] closing flow queue 0 - flow_closing_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:510) <Info> (FlowPrintQueueInfo) -- proto [3] new flow queue 0 - flow_new_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:520) <Info> (FlowPrintQueueInfo) -- proto [3] establised flow queue 0 - flow_est_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:530) <Info> (FlowPrintQueueInfo) -- proto [3] closing flow queue 0 - flow_closing_q.dbg_maxlen 0
[9624] 2/1/2010 -- 16:19:47 - (flow.c:535) <Info> (FlowPrintQueueInfo) -- flowbits added: 0, removed: 0, max memory usage: 0
[9624] 2/1/2010 -- 16:19:47 - (detect.c:2565) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure...
[9624] 2/1/2010 -- 16:19:47 - (detect.c:2582) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... done
More information about the Oisf-users
mailing list