[Oisf-users] Suricata SM List?
Victor Julien
lists at inliniac.net
Thu Oct 12 17:32:35 UTC 2017
On 12-10-17 15:42, secres at linuxmail.org wrote:
> I noticed an error recently in the output when running test. I'm unsure
> of what the "sm list" is and it doesn't state which signature is
> throwing the error. Anyone know what this is?
>
> <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Unable to find the
> sm in any of the sm lists
This will be a bit tricky. If you can reduce the ruleset until you no
longer get the error it should (hopefully) give you a single rule or a
small set.
Maybe the first thing to try is to disable threshold.config entries.
You can also recompile with --enable-debug and then set a breakpoint on
the error message. Then you can find the signature id in the backtrace.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list