[Oisf-users] Rule Sets

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Jul 11 15:28:35 UTC 2011

Hmmmm, I'm stumped there. We run the same version in QA on suricata for each release and aren't getting that. 

How many others are you getting?

Do you have the correct classifications file included?

What do some of the other errors look like?



On Jul 11, 2011, at 11:24 AM, Brant Wells wrote:

> Hi All,
> Not sure if this should be posted on the dev list or the users lists, so I thought I'd ask here first...
> I'd like to use the Emerging Threats open rule sets for Suricata.  However, when I updated the rules, now when I run Suricata, with --init-errors-fatal, I get
> [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert udp $EXTERNAL_NET any -> $HOME_NET 514 (msg:"ET DOS Cisco 514 UDP flood DoS"; content:"|25 25 25 25 25 58 58 25 25 25 25 25|"; classtype: attempted-dos; reference:url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml; reference:url,doc.emergingthreats.net/bin/view/Main/2000010; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Cisco_514_UDP_DoS; sid:2000010; rev:11;)" from file /etc/suricata/rules/emerging-dos.rules at line 54
> A ton of rule errors like that.  How can I find / fix them?  I am running 1.1 beta 2 (rev 047b19d) from the git repo...
> See Yas!
> ~Brant
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110

PGP: http://www.jonkmans.com/mattjonkman.asc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110711/d9996eeb/attachment-0002.html>

More information about the Oisf-users mailing list