[Oisf-users] Un-initialized flowbit warning

Victor Julien lists at inliniac.net
Wed Nov 7 19:07:38 UTC 2018


On 07-11-18 19:07, James Moe wrote:
> Hello,
>   suricata v4.1.0
>   linux v4.12.14-lp150.12.16-default x86_64
> 
>   Since installing 4.1.0, a number (14) of flowbit warnings appear
> during startup; a sample is shown below.
>   Should I be concerned about any of these?
> 
> In emerging-web_client.rules:
> 7/11/2018 -- 04:59:03 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] -
> flowbit 'et.MCOFF' is checked but not set. Checked in 2019837 and 1
> other sigs

It means that rule 2019837 can never match. So loading it is pointless.

suricata-update can resolve flowbits, so it should automatically enable
the rule(s) that 'set' the flowbit for rules that check a flowbit. I
believe pulledpork does this as well.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
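
Added example, not part of the original message and not suricata-update's or pulledpork's own code: a Python script that runs the check behind this warning over a rule set, listing flowbits that enabled rules check but no enabled rule sets, together with the disabled rules that would set them. The rules, sids and demo.* flowbit names are constructed; a leading '#' is assumed to mark a disabled rule, and counting set and toggle as the setting commands is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from the ET ruleset); a leading '#' marks a disabled rule.
SAMPLE_RULES = """\
#alert http any any -> any any (msg:"constructed setter"; flowbits:set,demo.office; flowbits:noalert; sid:1000001; rev:1;)
alert http any any -> any any (msg:"constructed checker"; flowbits:isset,demo.office; sid:1000002; rev:1;)
alert http any any -> any any (msg:"constructed pair set"; flowbits:set,demo.ok; flowbits:noalert; sid:1000003; rev:1;)
alert http any any -> any any (msg:"constructed pair check"; flowbits:isset,demo.ok; sid:1000004; rev:1;)
"""

RULE_RE = re.compile(r"^(#\s*)?(?:alert|drop|pass|reject)\s.*\bsid\s*:\s*(\d+)\s*;")
FLOWBIT_RE = re.compile(r"flowbits\s*:\s*(\w+)\s*,\s*([^;]+?)\s*;")
SETTERS = {"set", "toggle"}       # assumption: commands that can turn a bit on
CHECKERS = {"isset", "isnotset"}  # commands that read a bit


def analyze(text):
    """Return {flowbit: {"checked_in": [sids], "enable": [sids]}} for unset bits."""
    set_on, set_off, checked = defaultdict(list), defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or ordinary comment
        disabled, sid = bool(m.group(1)), int(m.group(2))
        for cmd, names in FLOWBIT_RE.findall(line):
            for name in names.split("|"):  # Suricata allows 'a|b' OR lists
                name = name.strip()
                if cmd in SETTERS:
                    (set_off if disabled else set_on)[name].append(sid)
                elif cmd in CHECKERS and not disabled:
                    checked[name].append(sid)
    # A checked bit with no enabled setter means the checking rules cannot match.
    return {bit: {"checked_in": sids, "enable": set_off.get(bit, [])}
            for bit, sids in checked.items() if bit not in set_on}


if __name__ == "__main__":
    for bit, info in analyze(SAMPLE_RULES).items():
        print(f"flowbit {bit!r} is checked but not set: checked in "
              f"{info['checked_in']}, disabled setter sids: {info['enable']}")
```

An empty "enable" list means no rule in the loaded files sets the bit at all, so the checking rules are the ones to disable.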

