[Oisf-users] Suricata 2.0rc1 Available!

Phil Daws uxbod at splatnix.net
Thu Feb 13 14:28:34 UTC 2014


----- Original Message -----
From: "Victor Julien" <victor at inliniac.net>
To: "Phil Daws" <uxbod at splatnix.net>
Cc: oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, 13 February, 2014 1:31:50 PM
Subject: Re: [Oisf-users] Suricata 2.0rc1 Available!

On 02/13/2014 02:27 PM, Phil Daws wrote:
> Upgrading from 2.0beta produced the following with latest rules:
> 
> <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;)" from file /usr/local/etc/suricata/rules/dns-events.rules at line 7
> ...

Could you (privately) share your yaml? The problem seems to go away if
you use the yaml from 2.0rc1/git. Would like to make sure it also works
with older yamls.

-- 

Also when trying to compile in PF_RING using:

./configure --enable-nfqueue \
--enable-geoip \
--enable-pfring \
--with-libpfring-libraries=/usr/local/pfring/lib \
--with-libpfring-includes=/usr/local/pfring/include \
--with-libpcap-libraries=/usr/local/pfring/lib \
--with-libpcap-includes=/usr/local/pfring/include

am seeing:

ERROR! --enable-pfring was passed but the library was not found or version is >4, go get it
   from http://www.ntop.org/PF_RING.html

That is with PF_RING version 5.6.2 plus trying LIBS=-lrt

Thanks.

P.


