[Oisf-users] Rule Sets

Brant Wells bwells at tfc.edu
Mon Jul 11 15:24:01 UTC 2011

Hi All,

Not sure if this should be posted on the dev list or the users lists, so I
thought I'd ask here first...

I'd like to use the Emerging Threats open rule sets for Suricata.  However,
when I updated the rules, now when I run Suricata, with --init-errors-fatal,
I get

[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert udp
$EXTERNAL_NET any -> $HOME_NET 514 (msg:"ET DOS Cisco 514 UDP flood DoS";
content:"|25 25 25 25 25 58 58 25 25 25 25 25|"; classtype: attempted-dos;
reference:url,doc.emergingthreats.net/bin/view/Main/2000010; reference:url,
sid:2000010; rev:11;)" from file /etc/suricata/rules/emerging-dos.rules at
line 54

A ton of rule errors like that.  How can I find / fix them?  I am running
1.1 beta 2 (rev 047b19d) from the git repo...

See Yas!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110711/8c64a2d5/attachment-0002.html>

More information about the Oisf-users mailing list