[Oisf-users] duplicate signature

David Wharton oisf at davidwharton.us
Wed Feb 22 12:16:25 UTC 2017


Usually this happens when you have multiple signatures with the same
sid.  Where else are you loading rules from?  Try grepping all the rules
files that Suricata is loading.

-David


On 02/22/2017 06:51 AM, Vieri wrote:
> 22/2/2017 -- 12:42:15 - <Error> - [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"obnoxious GeoIP block"; geoip:src,!US,CA,EU,ES,PT,FR,DE,GB,IT,BE; sid:5000001; rev:1;)"
> 22/2/2017 -- 12:42:15 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"obnoxious GeoIP block"; geoip:src,!US,CA,EU,ES,PT,FR,DE,GB,IT,BE; sid:5000001; rev:1;)" from file /etc/suricata/rules/local.rules at line 1




More information about the Oisf-users mailing list