[Oisf-users] Suricata failed to parse address
Anoop Saldanha
anoopsaldanha at gmail.com
Fri Aug 30 02:40:21 UTC 2013
On Mon, Aug 12, 2013 at 12:49 PM, Paolo D'Angeli
<paolo.dangeli at asdc.asi.it> wrote:
> I want to check subnet but exclude one ip .
>
>
> I've read a documentation at
> https://redmine.openinfosecfoundatio...Suricata_Rules and report this
> example :
>
>
> [10.0.0.0/24, !10.0.0.5] (10.0.0.0/24 except for 10.0.0.5)
>
>
> Now, in my suricata configuration I've set HOME_NET wit :
>
>
> HOME_NET: "[10.10.10.0/24, !10.10.10.247]"
>
>
> But, when I start suricata receive this error :
>
>
> 12/8/2013 -- 08:56:09 - <Error> - [ERRCODE:
> SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address " 10.10.10.247"
> 12/8/2013 -- 08:56:09 - <Error> - [ERRCODE:
> SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var
> "HOME_NET" with value "[10.10.10.0/24, !10.10.10.247]". Please check it's
> syntax
> 12/8/2013 -- 08:56:09 - <Error> - [ERRCODE:
> SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed.
> Please check /etc/suricata/suricata.yaml for errors
>
>
> I've Suricata version 1.4.5 RELEASE .
>
>
> How can I exclude one ip from check, what is correct syntax .
>
You'll have to get rid of that space after the ,
--
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
More information about the Oisf-users
mailing list