[Oisf-users] Question About Using a Large HOME_NET Specification
Les Roosa
lroosa at promia.com
Sat Jun 9 00:24:07 UTC 2012
Hi Guys,
I am new to the Suricata world, and I'm trying to validate that it can deal with very large HOME_NET specifications. I am starting with Suricata version 1.2.1 running on a Ubuntu Linux Lucid OS.
I have a customer that has between 240 and 260 HOME_NET entries. I tried entering, 248 entries in suricata.yaml, and I get strange results.
I get: "Failed to parse configuration file at line 773: did not find expected key". Line 773 is a blank line and precedes the line with EXTERNAL_NET: "!HOME_NET".
I have tried commenting out EXTERNAL_NET and all the "_SERVERS entries (i.e. HTTP_SERVERS etc), but then all rules that specify EXTERNAL_NET are dropped. I also tried EXTERNEL_NET: "any" but that gets the same line 773 failure as mentioned above..
If I leave HTTP_SERVERS: in, I get the "Failed to parse configuration file at line 775: did not find expected key" message. Again, line 775 is a blank line and precedes the line with HTTP_SERVERS:
I would be glad to furnish any additional information you may need or try anything that you suggest.
Thanks in advance, and I hope to hear from you soon.
Les Roosa
More information about the Oisf-users
mailing list