[Oisf-users] Error trying to create basic rule

Jean Tourrilhes jt at labs.hpe.com
Fri Sep 30 22:59:22 UTC 2016


	Hi,

	I've compiled Suricata 3.1.2 on Debian, and I was trying to
install some very basic rules that I tested previously with Snort. I'm
getting an error that I don't know how to fix...

/etc/suricata/rules/local.rules :
-----------------------------------------------
alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; sid:1000001)
drop tcp any any -> any 23 (msg: "Drop telnet packets"; sid: 1000002)
pass ip any any -> any any
-----------------------------------------------

	When I run suricata, I get:
--------------------------------
# suricata -c /etc/suricata/suricata.yaml -q 0
30/9/2016 -- 15:55:38 - <Notice> - This is Suricata version 3.1.2 RELEASE
30/9/2016 -- 15:55:38 - <Error> - [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec failed: ret -1, optstr " sid:1000001"
30/9/2016 -- 15:55:38 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; sid:1000001)" from file /etc/suricata/rules/local.rules at line 1
30/9/2016 -- 15:55:38 - <Error> - [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec failed: ret -1, optstr " sid: 1000002"
30/9/2016 -- 15:55:38 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp any any -> any 23 (msg: "Drop telnet packets"; sid: 1000002)" from file /etc/suricata/rules/local.rules at line 2
30/9/2016 -- 15:55:38 - <Notice> - all 22 packet processing threads, 4 management threads initialized, engine started.
--------------------------------

	Thanks in advance!

	Jean
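Added example, not part of the post and not Suricata's own code: a small Python checker for the defect these rules trigger. Suricata requires every keyword in the parenthesised option section, including the last one, to be terminated with a semicolon, so an option section ending in `sid:1000001)` does not parse; the script splits the option section at semicolons outside double quotes and reports any unterminated tail, using the three rules from the post as constructed input.

```python
import re

# Header: action proto src sport direction dst dport, then an optional "(options)" section.
RULE_RE = re.compile(
    r"^\s*(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*(?:\((.*)\))?\s*$"
)

def split_options(optstr):
    """Split the option section at ';' outside double quotes.
    Returns (terminated_options, unterminated_tail, quote_still_open)."""
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in optstr:
        if escaped:                      # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == ";" and not in_quote: # a ';' outside quotes closes one option
            opts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    return opts, "".join(buf).strip(), in_quote

def lint_rule(line):
    """Return a list of problems for one rule line; an empty list means it looks fine."""
    m = RULE_RE.match(line)
    if not m:
        return ["rule header does not match 'action proto src sport -> dst dport'"]
    optstr = m.group(8)
    if optstr is None:
        return []   # e.g. 'pass ip any any -> any any' has no option section at all
    opts, tail, open_quote = split_options(optstr)
    problems = []
    if open_quote:
        problems.append("unbalanced double quotes in option section")
    if tail:
        problems.append(f"option {tail!r} is not terminated with ';'")
    return problems

def lint_rules(text):
    """Lint every non-empty, non-comment line; returns {line_no: [problems]} for bad lines."""
    report = {}
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            problems = lint_rule(line)
            if problems:
                report[no] = problems
    return report

# Constructed sample: the three rules from the post, then the same file with the ';' added.
BROKEN = """alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; sid:1000001)
drop tcp any any -> any 23 (msg: "Drop telnet packets"; sid: 1000002)
pass ip any any -> any any"""
FIXED = BROKEN.replace("sid:1000001)", "sid:1000001;)").replace("sid: 1000002)", "sid: 1000002;)")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_rules(text) or "no problems")
```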

