[Oisf-users] Rule Sets

Peter Manev petermanev at gmail.com
Mon Jul 11 15:44:07 UTC 2011


Hi Brant,
It would be helpful if you could provide some info regarding this from your
suricata.log file, if possible, if you have configured that in your yaml
file.

Thank you
On 11 Jul 2011 17:24, "Brant Wells" <bwells at tfc.edu> wrote:
> Hi All,
>
> Not sure if this should be posted on the dev list or the users lists, so I
> thought I'd ask here first...
>
> I'd like to use the Emerging Threats open rule sets for Suricata. However,
> when I updated the rules, now when I run Suricata, with --init-errors-fatal,
> I get
>
> [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert udp
> $EXTERNAL_NET any -> $HOME_NET 514 (msg:"ET DOS Cisco 514 UDP flood DoS";
> content:"|25 25 25 25 25 58 58 25 25 25 25 25|"; classtype: attempted-dos;
> reference:url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml;
> reference:url,doc.emergingthreats.net/bin/view/Main/2000010;
> reference:url,
> www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Cisco_514_UDP_DoS;
> sid:2000010; rev:11;)" from file /etc/suricata/rules/emerging-dos.rules at
> line 54
>
> A ton of rule errors like that. How can I find / fix them? I am running
> 1.1 beta 2 (rev 047b19d) from the git repo...
>
> See Yas!
> ~Brant