[Oisf-users] duplicate signature
David Wharton
oisf at davidwharton.us
Wed Feb 22 12:16:25 UTC 2017
Usually this happens when you have multiple signatures with the same
sid. Where else are you loading rules from? Try grepping all the rules
files that Suricata is loading.
-David
On 02/22/2017 06:51 AM, Vieri wrote:
> 22/2/2017 -- 12:42:15 - <Error> - [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"obnoxious GeoIP block"; geoip:src,!US,CA,EU,ES,PT,FR,DE,GB,IT,BE; sid:5000001; rev:1;)"
> 22/2/2017 -- 12:42:15 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop ip $EXTERNAL_NET any -> $HOME_NET any (msg:"obnoxious GeoIP block"; geoip:src,!US,CA,EU,ES,PT,FR,DE,GB,IT,BE; sid:5000001; rev:1;)" from file /etc/suricata/rules/local.rules at line 1
More information about the Oisf-users
mailing list