[Oisf-users] Suricata 2.0rc1 Available!
Peter Manev
petermanev at gmail.com
Thu Feb 13 14:30:36 UTC 2014
On Thu, Feb 13, 2014 at 3:28 PM, Phil Daws <uxbod at splatnix.net> wrote:
>
> ----- Original Message -----
> From: "Victor Julien" <victor at inliniac.net>
> To: "Phil Daws" <uxbod at splatnix.net>
> Cc: oisf-users at lists.openinfosecfoundation.org
> Sent: Thursday, 13 February, 2014 1:31:50 PM
> Subject: Re: [Oisf-users] Suricata 2.0rc1 Available!
>
> On 02/13/2014 02:27 PM, Phil Daws wrote:
>> Upgrading from 2.0beta produced the following with latest rules:
>>
>> <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;)" from file /usr/local/etc/suricata/rules/dns-events.rules at line 7
>> ...
>
> Could you (privately) share your yaml? The problem seems to go away if
> you use the yaml from 2.0rc1/git. Would like to make sure it also works
> with older yamls.
>
> --
>
> Also when trying to compile in PF_RING using:
>
> ./configure --enable-nfqueue \
> --enable-geoip \
> --enable-pfring \
> --with-libpfring-libraries=/usr/local/pfring/lib \
> --with-libpfring-includes=/usr/local/pfring/include \
> --with-libpcap-libraries=/usr/local/pfring/lib \
> --with-libpcap-includes=/usr/local/pfring/include
>
> am seeing:
>
> ERROR! --enable-pfring was passed but the library was not found or version is >4, go get it
> from http://www.ntop.org/PF_RING.html
>
> That is with PF_RING version 5.6.2 plus trying LIBS=-lrt
>
What OS is that?
--
Regards,
Peter Manev