[Oisf-users] Suricata rule/config errors
Russell Fulton
r.fulton at auckland.ac.nz
Tue Sep 23 02:22:57 UTC 2014
On 15/09/2014, at 11:24 am, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
> The other problem is that I always get the error:
>
> 2014 Sep 15 10:47:02 +12:00 secmonprd01.insec.auckland.ac.nz: suricata: '15/9/2014 -- 10:47:02 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /home/sensors/dmzo/Rules/local.rules '
>
> but sensors at secmonprd01:~$ cat /home/sensors/dmzo/Rules/local.rules
>
> alert udp [130.216.0.0/16,!$DNS_SERVERS] any -> ![130.216.0.0/16,202.46.160.4] 53 (msg:"UTCSIG DNS request from non-DNS server"; content:"|01 00 00 01 00 00 00 00 00 00|"; offset:2; depth:10; sid:9900009; rev:1;)
Finally figured this one out. The line with a rule started with a blank; removing the leading whitespace fixed the issue, the rule loaded, and the error message disappeared.
Not sure if this is a bug or a feature ;)
Russell
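
A pre-deployment check for the problem described in the message above, as an added example that is not part of the original post: it flags rule lines that begin with whitespace, which is what left the poster's rule unloaded. The action list, the function name `lint_rules` and the first sample rule are assumptions made for this example; the second sample rule is the one quoted in the message with a leading blank put back.

```python
import re

# Rule actions this check looks for (assumed list; extend to match your ruleset).
ACTIONS = ("alert", "drop", "pass", "reject")
RULE_RE = re.compile(r"^(\s*)(%s)\s" % "|".join(ACTIONS))


def lint_rules(text):
    """Return (clean_count, findings) for the contents of a rules file.

    clean_count: rule lines that start in column 0.
    findings:    (line_number, repaired_line) for rule lines that start
                 with whitespace, the condition reported in the post.
    """
    clean, findings = 0, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, comment, or something that is not a rule
        if m.group(1):
            findings.append((lineno, line.lstrip()))
        else:
            clean += 1
    return clean, findings


# Constructed sample file: line 2 is an invented clean rule, line 3 is the
# rule from the post with one leading blank.
SAMPLE = (
    "# constructed local.rules\n"
    'alert tcp any any -> any 80 (msg:"constructed example"; sid:9900001; rev:1;)\n'
    ' alert udp [130.216.0.0/16,!$DNS_SERVERS] any -> ![130.216.0.0/16,202.46.160.4] 53 '
    '(msg:"UTCSIG DNS request from non-DNS server"; '
    'content:"|01 00 00 01 00 00 00 00 00 00|"; offset:2; depth:10; sid:9900009; rev:1;)\n'
)

if __name__ == "__main__":
    clean, findings = lint_rules(SAMPLE)
    print("rules starting in column 0:", clean)
    for lineno, fixed in findings:
        print("line %d starts with whitespace; repaired form: %s" % (lineno, fixed))
```

Running it against every rules file before a reload turns a silently missing signature into a visible finding.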