[Oisf-users] Rule errors from suricata 3.2
Jason Ish
lists at unx.ca
Thu Dec 1 20:55:31 UTC 2016
On Thu, Dec 1, 2016 at 1:50 PM, James Moe <jimoe at sohnen-moe.com> wrote:
> Hello,
> opensuse leap 42.2
> linux 4.4.27-2-default x86_64
>
> I built and installed Suricata v3.2. The build proceeded without a
> problem. Outstanding work!
>
> A restart of suricata produces the errors below. Is this expected?
>
> 1/12/2016 -- 12:44:15 - <Error> - [ERRCODE:
> SC_ERR_UNKNOWN_DECODE_EVENT(186)] - unknown decode event
> "decoder.ipv4.frag_too_large"
>
> 1/12/2016 -- 12:44:15 - <Error> - [ERRCODE:
> SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr
> any any -> any any (msg:"SURICATA FRAG IPv4 Packet size too large";
> decode-event:ipv4.frag_too_large; sid:2200069; rev:1;)" from file
> /usr/local/etc/suricata/rules/decoder-events.rules at line 78
>
> 1/12/2016 -- 12:44:15 - <Error> - [ERRCODE:
> SC_ERR_UNKNOWN_DECODE_EVENT(186)] - unknown decode event
> "decoder.ipv6.frag_too_large"
>
> 1/12/2016 -- 12:44:15 - <Error> - [ERRCODE:
> SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr
> any any -> any any (msg:"SURICATA FRAG IPv6 Packet size too large";
> decode-event:ipv6.frag_too_large; sid:2200071; rev:1;)" from file
> /usr/local/etc/suricata/rules/decoder-events.rules at line 80
You'll want to update your decoder-events.rules; it looks like you still
have an older version installed.
Jason
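
An added example, not part of the original thread and not Suricata project code: a small parser that groups the startup errors quoted above by rule file, so the stale rule files that need replacing stand out. The regular expressions assume the message layout shown in this thread; the sample log is the four quoted errors with the e-mail line wraps removed.

```python
import re
from collections import defaultdict

# Constructed sample: the errors quoted in the thread, unwrapped to one line each.
SAMPLE_LOG = '''\
1/12/2016 -- 12:44:15 - <Error> - [ERRCODE: SC_ERR_UNKNOWN_DECODE_EVENT(186)] - unknown decode event "decoder.ipv4.frag_too_large"
1/12/2016 -- 12:44:15 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv4 Packet size too large"; decode-event:ipv4.frag_too_large; sid:2200069; rev:1;)" from file /usr/local/etc/suricata/rules/decoder-events.rules at line 78
1/12/2016 -- 12:44:15 - <Error> - [ERRCODE: SC_ERR_UNKNOWN_DECODE_EVENT(186)] - unknown decode event "decoder.ipv6.frag_too_large"
1/12/2016 -- 12:44:15 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert pkthdr any any -> any any (msg:"SURICATA FRAG IPv6 Packet size too large"; decode-event:ipv6.frag_too_large; sid:2200071; rev:1;)" from file /usr/local/etc/suricata/rules/decoder-events.rules at line 80
'''

UNKNOWN_EVENT = re.compile(
    r'SC_ERR_UNKNOWN_DECODE_EVENT\(\d+\)\] - unknown decode event "([^"]+)"')
# The rule text contains its own double quotes, so match greedily up to
# the trailing '" from file <path> at line <n>'.
BAD_SIG = re.compile(
    r'SC_ERR_INVALID_SIGNATURE\(\d+\)\] - error parsing signature '
    r'"(.*)" from file (\S+) at line (\d+)')
SID = re.compile(r'\bsid:\s*(\d+)\s*;')


def rejected_rules(log_text):
    """Return {rule_file: [(line_no, sid, unknown_event_or_None), ...]}."""
    by_file = defaultdict(list)
    pending_event = None  # event named by the error just before a rejected rule
    for line in log_text.splitlines():
        m = UNKNOWN_EVENT.search(line)
        if m:
            pending_event = m.group(1)
            continue
        m = BAD_SIG.search(line)
        if m:
            rule, path, line_no = m.groups()
            sid = SID.search(rule)
            by_file[path].append(
                (int(line_no), int(sid.group(1)) if sid else None, pending_event))
            pending_event = None  # consumed; do not attach it to a later rule
    return dict(by_file)


if __name__ == "__main__":
    for path, rules in rejected_rules(SAMPLE_LOG).items():
        print(f"{path}: {len(rules)} rule(s) rejected")
        for line_no, sid, event in rules:
            print(f"  line {line_no}  sid {sid}  unknown event: {event}")
```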