[Oisf-users] suricata signatures on wheezy

John Devine john.devine at nuspire.com
Mon Jan 25 15:32:45 UTC 2016


I installed suricata for wheezy:

# apt-get install -t wheezy-backports suricata

I was able to start it in IPS mode via the init with no errors (though it blows up when I try to get it to alert, but that's another issue). So I tried starting it via the command line like so:

# suricata -c /etc/suricata/suricata-debian.yaml -q 0 -v --init-errors-fatal

and I get:
<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature parsing failed: "config classification: not-suspicious,Not Suspicious Traffic,3"

I don't understand why it is giving this error when trying to start via the command line and not via init. Attached is my config.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suricata-debian.yaml
Type: application/x-yaml
Size: 49624 bytes
Desc: suricata-debian.yaml
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160125/0dc92c55/attachment-0001.bin>
