[Oisf-users] Problem to Start Suricata
rmkml
rmkml at ligfy.org
Thu Jul 13 23:44:03 UTC 2017
Hi Mesra,
yes you have switched dest_ip (any) and dest_port ([25,587,465]), please
try this (not tested):
alert tcp $HOME_NET any -> any [25,587,465] (msg:"*** WARNING!!! WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)
Best Regards
@Rmkml
On Fri, 14 Jul 2017, Mesra.net CEO wrote:
> Dear All,
>
> I have problem on Suricata as below:
>
> 14/7/2017 -- 07:32:44 - <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "25"
> 14/7/2017 -- 07:32:44 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> [25,587,465] any (msg:"*** WARNING!!! WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0;
> content:"sexiest"; sid:6677666667; rev:1;)" from file /etc/suricata/rules/custom.rules at line 46
>
> Is there any problem with my rule:
>
> alert tcp $HOME_NET any -> [25,587,465] any (msg:"*** WARNING!!! WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)" from file /etc/suricata/rules/custom.rules at line 46
>
> Please advise. TQ so much
>
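Added example, not part of the original thread and not Suricata's own parser: a small lint for the rule header order (action, protocol, source address, source port, direction, destination address, destination port) that catches the swap behind the 'failed to parse address "25"' error before the rule file is loaded. The helper names are hypothetical, and address checks cover only "any", $VARIABLES, single IPs and CIDR blocks.

```python
import ipaddress
import re

# Rules quoted in the thread; helper names below are illustrative, not Suricata code.
OPTS = '(msg:"*** WARNING!!! WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)'
BROKEN = "alert tcp $HOME_NET any -> [25,587,465] any " + OPTS
FIXED = "alert tcp $HOME_NET any -> any [25,587,465] " + OPTS

def split_header(rule):
    """Return the seven header fields; spaces inside [...] lists are ignored."""
    header = rule.split("(", 1)[0]
    header = re.sub(r"\[[^\]]*\]", lambda m: m.group(0).replace(" ", ""), header)
    fields = header.split()
    if len(fields) != 7 or fields[4] not in ("->", "<>"):
        raise ValueError("expected: action proto src_ip src_port -> dst_ip dst_port")
    return fields

def items(field):
    """Flatten a bracketed, possibly negated field into its bare elements."""
    return [i.lstrip("!") for i in re.sub(r"[\[\]]", "", field).split(",")]

def is_address(item):
    if item == "any" or item.startswith("$"):
        return True
    try:
        ipaddress.ip_network(item, strict=False)  # single IP or CIDR block
        return True
    except ValueError:
        return False

def is_port(item):
    if item == "any" or item.startswith("$"):
        return True
    # Accepts 25, 1024: and 80:100, each number at most 65535.
    return bool(re.fullmatch(r"\d+(:\d*)?", item)) and all(int(p) <= 65535 for p in item.split(":") if p)

def check_header(rule):
    """Return one finding per bad side of the header; an empty list means it looks valid."""
    f = split_header(rule)
    findings = []
    for side, addr, port in (("source", f[2], f[3]), ("destination", f[5], f[6])):
        addr_items, port_items = items(addr), items(port)
        if all(map(is_address, addr_items)):
            if not all(map(is_port, port_items)):
                findings.append(f"{side}: invalid port field {port}")
        elif all(map(is_port, addr_items)) and all(map(is_address, port_items)):
            findings.append(f"{side}: address and port look swapped: {addr} {port}")
        else:
            findings.append(f"{side}: invalid address field {addr}")
    return findings
```

check_header(BROKEN) reports the swapped destination fields, and check_header(FIXED) returns an empty list.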