[Oisf-users] botcc rules not loading
Charles DeVoe
scarecrow_57 at yahoo.com
Wed Jul 20 12:13:42 UTC 2016
Last week we pushed out the botcc signatures from Emerging Threats to 125 suricata sensors. Some of the sensors continued to work fine, others would not finish loading the system. The logs showed this activity
18/7/2016 -- 14:43:33 - <Info> - 2 rule files processed. 17404 rules successfully loaded, 3 rules failed 18/7/2016 -- 14:43:33 - <Info> - 17405 signatures processed. 2 are IP-only rules, 6837 are inspecting packet payload, 12413 inspect application layer, 0 are decoder event only 18/7/2016 -- 14:43:33 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete 18/7/2016 -- 14:43:33 - <Info> - building signature grouping structure, stage 2: building source address list... complete Missing were the remaining lines. 18/7/2016 -- 14:43:40 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete18/7/2016 -- 14:43:43 - <Info> - Registered 17405 rule profiling counters.18/7/2016 -- 14:43:43 - <Info> - Threshold config parsed: 0 rule(s) found18/7/2016 -- 14:43:43 - <Notice> - Signature(s) loaded, Detect thread(s) activated.
We removed the botcc signatures and the systems worked fine.
Oddly enough, Monday morning, I tried the same signature set (although updated) and they loaded fine.
Is there an explanation as to why this happened?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160720/73962f0d/attachment-0001.html>
More information about the Oisf-users
mailing list