[Oisf-users] Suricata rule/config errors

Simon Wesseldine simon.wesseldine at idappcom.com
Mon Sep 15 14:10:19 UTC 2014

HI Russell,


with reference to your first error, I think the problem is that you are
using a content modifier with a pcre keyword.


content:"NICK "; depth:5; pcre: "/\[[A-Z]{2,3}\|/"; within:10;


It is likely that Suricata is seeing the keyword 'depth' and 'within' being
used together. You will need to remove the keyword 'within' completely.


Best regards,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140915/7173a72e/attachment-0002.html>

More information about the Oisf-users mailing list