[Oisf-users] Suricata rule/config errors
Simon Wesseldine
simon.wesseldine at idappcom.com
Mon Sep 15 14:10:19 UTC 2014
HI Russell,
with reference to your first error, I think the problem is that you are
using a content modifier with a pcre keyword.
content:"NICK "; depth:5; pcre: "/\[[A-Z]{2,3}\|/"; within:10;
It is likely that Suricata is seeing the keyword 'depth' and 'within' being
used together. You will need to remove the keyword 'within' completely.
Best regards,
Simon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140915/7173a72e/attachment-0002.html>
More information about the Oisf-users
mailing list