[Oisf-users] Errors in Suricata.log - SC_ERR_NUMERIC_VALUE_ERANGE and SC_ERR_INVALID_NUM_BYTES

Eric Urban eurban at umn.edu
Mon Apr 8 20:30:53 UTC 2019

We occasionally have had the following errors in our suricata.log, which
have always been paired together, and I am having trouble tracking down the
source of the errors.

extracting 0 bytes of string data: -1"}}
value out of range"}}

We started seeing these after we switched over to using the 4.x rules from
Emerging Threats from the 3.x set.

I tried looking at common alerts during these times, and did find at least
one, but this particular rule fires often enough that we see a hit on it
once per second so it seems like it could be a coincidence.

I am also not sure that there would be an alert logged in the situations
where we run into these errors since this may prevent a match from

I looked through the Suricata source code for hints.  I believe this would
be reached from using the isdataat keyword in rules but am not certain that
is the only way to reach this.

Does anyone have suggestions on where to go from here?  I am trying to
avoid enabling debug across all instances of Suricata we have.

Thank you,

Eric Urban
University Information Security | Office of Information Technology |
University of Minnesota | umn.edu
eurban at umn.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20190408/58ce3e75/attachment.html>

More information about the Oisf-users mailing list