[Oisf-users] Suricata failed to parse address
Paolo D'Angeli
paolo.dangeli at asdc.asi.it
Mon Aug 12 07:23:45 UTC 2013
I want to check subnet but exclude one ip .
I've read a documentation at https://redmine.openinfosecfoundatio...Suricata_Rules and report this example :
[10.0.0.0/24, !10.0.0.5] (10.0.0.0/24 except for 10.0.0.5)
Now, in my suricata configuration I've set HOME_NET wit :
HOME_NET: "[10.10.10.0/24, !10.10.10.247]"
But, when I start suricata receive this error :
12/8/2013 -- 08:56:09 - <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address " 10.10.10.247"
12/8/2013 -- 08:56:09 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "HOME_NET" with value "[10.10.10.0/24, !10.10.10.247]". Please check it's syntax
12/8/2013 -- 08:56:09 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors
I've Suricata version 1.4.5 RELEASE .
How can I exclude one ip from check, what is correct syntax .
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130812/f19225ad/attachment.html>
More information about the Oisf-users
mailing list