[Oisf-users] IP Reputation Error
Phil Daws
uxbod at splatnix.net
Fri Nov 3 15:09:39 UTC 2017
Hello,
Have upgraded to Suricata v4.0.1 and now the IP reputation is no longer working. The error when I check the configuration is:
3/11/2017 -- 14:38:01 - <Error> - [ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - unknown iprep category "BadHosts"
3/11/2017 -- 14:38:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ip any any -> any any (msg:"IPREP High Risk"; iprep:src,BadHosts,>,99; sid:3790031; rev:1;)" from file /etc/suricata/rules/local.rules at line 2
3/11/2017 -- 14:38:01 - <Error> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
and the rule that is in use:
alert ip any any -> any any (msg:"IPREP High Risk"; iprep:src,BadHosts,>,99; sid:3790031; rev:1;)
It believes that the category is not there but it is:
cat /etc/suricata/iprep/categories.txt
1,BadHosts,Bad Host
2,GoodHosts,Known Good Host
and is being referenced correctly in suricata.yaml:
# IP Reputation
reputation-categories-file: /etc/suricata/iprep/categories.txt
default-reputation-path: /etc/suricata/iprep
reputation-files:
- reputation.list
Any thoughts as to what the error is, please?
Thanks - Phil
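An added diagnostic example, not part of the original post or of Suricata: it cross-checks the category named in each `iprep` option against a categories file in the `<id>,<short name>,<description>` layout quoted above. The function names, the embedded sample data and the exact string comparison are assumptions of this sketch.

```python
import re

# Constructed sample input mirroring the files quoted in the post.
CATEGORIES_TXT = "1,BadHosts,Bad Host\n2,GoodHosts,Known Good Host\n"
RULES = ('alert ip any any -> any any (msg:"IPREP High Risk"; '
         'iprep:src,BadHosts,>,99; sid:3790031; rev:1;)\n')

# Matches the option body of iprep:<side>,<category>,<operator>,<score>;
IPREP_RE = re.compile(r'\biprep\s*:\s*([^;]*);')

def load_categories(text):
    """Parse '<id>,<short name>,<description>' lines into {short name: id}.
    Names are kept exactly as written so hidden differences stay visible."""
    cats, problems = {}, []
    for n, raw in enumerate(text.split("\n"), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split(",", 2)
        if len(parts) != 3 or not parts[0].isdigit():
            problems.append((n, "malformed line", repr(raw)))
            continue
        if raw != raw.strip() or parts[1] != parts[1].strip():
            problems.append((n, "stray whitespace or CR", repr(raw)))
        cats[parts[1]] = int(parts[0])
    return cats, problems

def check_rules(rules_text, cats):
    """Return (line number, category) for iprep options whose category
    is not an exact key in cats, or whose option is not four fields."""
    unknown = []
    for n, line in enumerate(rules_text.split("\n"), 1):
        if line.lstrip().startswith("#"):
            continue
        for m in IPREP_RE.finditer(line):
            fields = [f.strip() for f in m.group(1).split(",")]
            if len(fields) != 4 or fields[1] not in cats:
                unknown.append((n, fields[1] if len(fields) > 1 else ""))
    return unknown

if __name__ == "__main__":
    cats, problems = load_categories(CATEGORIES_TXT)
    for p in problems:
        print("categories file:", p)
    for n, name in check_rules(RULES, cats):
        print(f"rules line {n}: category {name!r} not in categories file")
```

The `repr()` output in the problem list makes a byte-order mark, trailing carriage return or padding around a name visible, which `cat` does not show.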