[Oisf-users] Question About Using a Large HOME_NET Specification

Peter Manev petermanev at gmail.com
Tue Jun 12 14:54:10 UTC 2012


Hi,

I also forgot to point out that you should use
EXTERNAL_NET: "!*$*HOME_NET"
instead of
EXTERNAL_NET: "!HOME_NET"
notice the $$$$$$$ sign.

thanks
P.S.
I tried with 254 addresses and it works fine.

On Sat, Jun 9, 2012 at 2:24 AM, Les Roosa <lroosa at promia.com> wrote:

> Hi Guys,
>
> I am new to the Suricata world, and I'm trying to validate that it can
> deal with very large HOME_NET specifications. I am starting with Suricata
> version 1.2.1 running on a Ubuntu Linux Lucid OS.
>
> I have a customer that has between 240 and 260 HOME_NET entries. I tried
> entering, 248 entries in suricata.yaml, and I get strange results.
>
> I get: "Failed to parse configuration file at line 773: did not find
> expected key". Line 773 is a blank line and precedes the line with
> EXTERNAL_NET: "!HOME_NET".
>
> I have tried commenting out EXTERNAL_NET and all the "_SERVERS entries
> (i.e. HTTP_SERVERS etc), but then all rules that specify EXTERNAL_NET are
> dropped. I also tried EXTERNEL_NET: "any" but that gets the same line 773
> failure as mentioned above..
>
> If I leave HTTP_SERVERS: in, I get the "Failed to parse configuration file
> at line 775: did not find expected key" message. Again, line 775 is a blank
> line and precedes the line with HTTP_SERVERS:
>
> I would be glad to furnish any additional information you may need or try
> anything that you suggest.
>
> Thanks in advance, and I hope to hear from you soon.
>
> Les Roosa
>
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>



-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120612/ef706370/attachment-0002.html>


More information about the Oisf-users mailing list