[Oisf-users] Suricata failed to parse address

Anoop Saldanha anoopsaldanha at gmail.com
Fri Aug 30 03:41:19 UTC 2013


On Fri, Aug 30, 2013 at 8:10 AM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
> On Mon, Aug 12, 2013 at 12:49 PM, Paolo D'Angeli
> <paolo.dangeli at asdc.asi.it> wrote:
>> I want to check a subnet but exclude one IP.
>>
>>
>> I've read the documentation at
>> https://redmine.openinfosecfoundatio...Suricata_Rules and report this
>> example:
>>
>>
>> [10.0.0.0/24, !10.0.0.5] (10.0.0.0/24 except for 10.0.0.5)
>>
>>
>> Now, in my suricata configuration I've set HOME_NET with:
>>
>>
>> HOME_NET: "[10.10.10.0/24, !10.10.10.247]"
>>
>>
>> But when I start suricata I receive this error:
>>
>>
>> 12/8/2013 -- 08:56:09 - <Error> - [ERRCODE:
>> SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address " 10.10.10.247"
>> 12/8/2013 -- 08:56:09 - <Error> - [ERRCODE:
>> SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var
>> "HOME_NET" with value "[10.10.10.0/24, !10.10.10.247]". Please check it's
>> syntax
>> 12/8/2013 -- 08:56:09 - <Error> - [ERRCODE:
>> SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed.
>> Please check /etc/suricata/suricata.yaml for errors
>>
>>
>> I have Suricata version 1.4.5 RELEASE.
>>
>>
>> How can I exclude one IP from the check? What is the correct syntax?
>>
>
> You'll have to get rid of that space after the ,
>

I have supplied the fix for the space thing anyways.  You can track it here -

https://redmine.openinfosecfoundation.org/issues/920

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
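
A pre-start check for the problem discussed in this thread, as an added example that is not part of the original messages and is not Suricata's own parser: it flags whitespace around elements of an address variable such as HOME_NET (the condition behind the `failed to parse address " 10.10.10.247"` error quoted above) and returns the value with that whitespace removed. The function names are hypothetical, and the element validation (IP/CIDR, `$VAR` references, `any`, nested groups) is a simplified assumption about the address syntax.

```python
import ipaddress

def split_elements(group):
    """Split a bracketed group on top-level commas, keeping nested [...] intact."""
    inner = group.strip()
    if not (inner.startswith("[") and inner.endswith("]")):
        return [group]
    parts, depth, cur = [], 0, ""
    for ch in inner[1:-1]:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts

def check_address_var(value):
    """Return (normalized_value, problems) for one address variable value."""
    problems, cleaned = [], []
    for raw in split_elements(value):
        elem = raw.strip()
        if raw != elem:
            # Suricata 1.4.5 rejects the element in this case, per the thread.
            problems.append("whitespace around element %r" % raw)
        negated = elem.startswith("!")
        body = elem[1:] if negated else elem
        if body.startswith("["):
            body, nested_problems = check_address_var(body)
            problems.extend(nested_problems)
        elif not body.startswith("$") and body != "any":
            try:
                ipaddress.ip_network(body, strict=False)
            except ValueError:
                problems.append("not an IP or CIDR: %r" % body)
        cleaned.append(("!" if negated else "") + body)
    if not value.strip().startswith("["):
        return cleaned[0], problems
    return "[" + ",".join(cleaned) + "]", problems

if __name__ == "__main__":
    # The HOME_NET value from the original report.
    fixed, issues = check_address_var("[10.10.10.0/24, !10.10.10.247]")
    print(fixed)
    for issue in issues:
        print("  " + issue)
```
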


