[Oisf-users] Suricata versions (4.1.2 and 3.1) will not run after initial install on CENTOS 6.10 with SC_ERR_PCRE_COMPILE error
MATT DOUgherty
doughertysnp at gmail.com
Tue Jan 1 14:40:17 UTC 2019
Thank you for the reply Peter.
Yes, same results.
[root@newfw ~]# /usr/bin/suricata -c /etc/suricata/suricata.yaml -S /dev/null -i eth1
1/1/2019 -- 04:33:29 - <Notice> - This is Suricata version 4.1.2 RELEASE
1/1/2019 -- 04:33:29 - <Error> - [ERRCODE: SC_ERR_PCRE_COMPILE(5)] - pcre compile of "\S[0-9A-z_]+[.][A-z0-9_+.]+$" failed at offset 12: POSIX collating elements are not supported
Offset 12 seems to indicate the plus character so I changed every instance to {1,} and still get the same basic error.
[root@newfw ~]# /usr/bin/suricata -c /etc/suricata/suricata.yaml -S /dev/null -i eth1
1/1/2019 -- 04:33:29 - <Notice> - This is Suricata version 4.1.2 RELEASE
1/1/2019 -- 04:33:29 - <Error> - [ERRCODE: SC_ERR_PCRE_COMPILE(5)] - pcre compile of "\S[0-9A-z_]+[.][A-z0-9_+.]+$" failed at offset 12: POSIX collating elements are not supported
Thanks for the thought. Maybe multiple Python regex libraries? I know it must be me because no one else seems to have this issue.
Matt.
> On Jan 1, 2019, at 4:14 AM, Peter Manev <petermanev at gmail.com> wrote:
>
>
>
> On 30 Dec 2018, at 16:57, MATT DOUgherty <doughertysnp at gmail.com> wrote:
>
>> I get a PCRE compile error that prevents any other interesting log data. Does anyone have an idea of what that could be?
>>
>> This is a clean install from source on CENTOS 6.10 with several versions of Suricata. I have snort installed. Is the existing snort install messing it up?
>>
>>
>> [root@newfw suricata-4.1.2]# /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth1
>> 30/12/2018 -- 04:51:07 - <Notice> - This is Suricata version 4.1.2 RELEASE
>> 30/12/2018 -- 04:51:07 - <Error> - [ERRCODE: SC_ERR_PCRE_COMPILE(5)] - pcre compile of "\S[0-9A-z_]+[.][A-z0-9_+.]+$" failed at offset 12: POSIX collating elements are not supported
>
> Do you have the same error if you start/load with 0 rules? (You can try adding “-S /dev/null” to the starting line, could be rule related I was thinking)