[Oisf-users] Rule Errors
Phil Daws
uxbod at splatnix.net
Wed May 7 07:37:08 UTC 2014
Good morning All,
I have upgraded to the latest Git release to try out the HeartBleed code additions and, on restarting, am seeing a large number of the following rule failures:
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect.c:350) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA PPP unsupported protocol"; decode-event:ppp.unsup_proto; sid:2200048; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 351
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect-parse.c:1843) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert pkthdr any any -> any any (msg:"SURICATA PPPOE packet too small"; decode-event:pppoe.pkt_too_small; sid:2200049; rev:1;)"
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect.c:350) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA PPPOE packet too small"; decode-event:pppoe.pkt_too_small; sid:2200049; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 352
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect-parse.c:1843) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert pkthdr any any -> any any (msg:"SURICATA PPPOE wrong code"; decode-event:pppoe.wrong_code; sid:2200050; rev:1;)"
How would one go about debugging them, please?
Thanks. Phil
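
One way to triage the errors quoted above, as an added example that is not part of the original post or of Suricata: the script groups the rule-load errors by sid and lists, for each sid flagged as a duplicate, the rule file and line that Suricata reported. The function names are hypothetical, and the sample input is the four log lines copied from the post.

```python
import re

ERR_RE = re.compile(r"\[ERRCODE: (SC_ERR_[A-Z_]+)\((\d+)\)\]")
SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
MSG_RE = re.compile(r'\(msg:"([^"]*)"')
LOC_RE = re.compile(r"from file (\S+) at line (\d+)")

# Sample input: the four error lines quoted in the post.
SAMPLE_LOG = '''\
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect.c:350) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA PPP unsupported protocol"; decode-event:ppp.unsup_proto; sid:2200048; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 351
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect-parse.c:1843) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert pkthdr any any -> any any (msg:"SURICATA PPPOE packet too small"; decode-event:pppoe.pkt_too_small; sid:2200049; rev:1;)"
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect.c:350) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA PPPOE packet too small"; decode-event:pppoe.pkt_too_small; sid:2200049; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 352
May 7 08:30:15 fw1 suricata: [8083] 7/5/2014 -- 08:30:15 - (detect-parse.c:1843) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert pkthdr any any -> any any (msg:"SURICATA PPPOE wrong code"; decode-event:pppoe.wrong_code; sid:2200050; rev:1;)"
'''

def summarize(log_text):
    """Group rule-load error lines by sid: message, error codes seen, file/line hits."""
    by_sid = {}
    for line in log_text.splitlines():
        err, sid = ERR_RE.search(line), SID_RE.search(line)
        if not (err and sid):
            continue  # not a rule-load error carrying a signature
        entry = by_sid.setdefault(
            int(sid.group(1)), {"msg": None, "errors": [], "locations": []})
        msg = MSG_RE.search(line)
        if msg:
            entry["msg"] = msg.group(1)
        if err.group(1) not in entry["errors"]:
            entry["errors"].append(err.group(1))
        loc = LOC_RE.search(line)
        if loc:  # only the DetectLoadSigFile lines name a file and line
            entry["locations"].append((loc.group(1), int(loc.group(2))))
    return by_sid

def duplicate_locations(by_sid):
    """For each sid flagged SC_ERR_DUPLICATE_SIG, the file/line pairs logged for it."""
    return {sid: e["locations"] for sid, e in by_sid.items()
            if "SC_ERR_DUPLICATE_SIG" in e["errors"]}

if __name__ == "__main__":
    for sid, locs in sorted(duplicate_locations(summarize(SAMPLE_LOG)).items()):
        print(sid, locs or "no file/line in this excerpt")
```

An empty location list means the excerpt ends before the matching file/line message for that sid; feeding the script the full log fills it in.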