[Oisf-users] suricata signatures on wheezy

Victor Julien lists at inliniac.net
Tue Jan 26 11:29:51 UTC 2016


On 25-01-16 16:32, John Devine wrote:
> Hi,
>
> I installed suricata for wheezy:
>
>
> # apt-get install -t wheezy-backports suricata.
>
>
> I was able to start it in IPS mode via the init with no errors (though
> it blows up when I try to get it to alert but that's another issue). So
> I tried starting it via command line like so:
>
>
> # suricata -c /etc/suricata/suricata-debian.yaml -q 0 -v --init-errors-fatal
>
>
> and I get:
> <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature parsing
> failed: "config classification: not-suspicious,Not Suspicious Traffic,3"
>
> I don't understand why it is giving this error when trying to start via
> command line and not via init. Attached is my config.
>

It looks like it's trying to load the classification.config as a rule file.


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Oisf-users mailing list