[Oisf-users] Suricata PCRE Unicode/UTF-8 Matching
carl rizzle
rizzlecarl at gmail.com
Tue Jan 22 16:37:29 UTC 2019
I am currently running Suricata-4.0.0 with pcre version 8.42.
I compiled pcre version 8.42 as follows:
./configure --prefix=/usr \
--docdir=/usr/share/doc/pcre-8.42 \
--enable-unicode-properties \
--enable-pcre16 \
--enable-pcre32 \
--enable-pcregrep-libz \
--enable-pcregrep-libbz2 \
--disable-static \
--enable-pcretest-libreadline \
--enable-utf8
...and ran make
Suricata was compiled as follows:
./configure with_libpcre_includes=/root/suricata-4.0.0/pcre-8.42/ \
with_libpcre_libraries=/root/suricata-4.0.0/pcre-8.42/.libs/
...and ran make && make install
My goal is to make a rule that matches on the Chinese character: 投
I created a rule that matches on UTF-8 characters (i.e. pcre:"/\xe6\x8a\95/")
as well as UTF-16 (i.e. pcre:"/\X{6295}/"). Suricata accepted both rules but
neither of them matched the character that I know is in my sample data. Any
idea if my PCRE expression is incorrect or if I configured Suricata
incorrectly? Are there other encoding formats that I am missing?
Thanks
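
Added example, not part of the original post: the bytes that 投 (U+6295) occupies in several encodings, rendered as byte-wise pcre bodies and checked against constructed payloads. It assumes the rule's pcre is applied to the raw payload bytes; the encoding list, the sample string and the function names are illustrative choices.

```python
import re

CHAR = "\u6295"  # 投, the character the post wants to match

# Encodings a payload might use; this list is an assumption, extend as needed.
ENCODINGS = ["utf-8", "utf-16-be", "utf-16-le", "gb18030", "big5"]


def wire_bytes(char=CHAR):
    """Map each encoding to the bytes that represent `char` on the wire."""
    return {enc: char.encode(enc) for enc in ENCODINGS}


def pcre_literal(raw):
    """Render bytes as a byte-wise pcre body, e.g. b'\\xe6' -> \\xe6."""
    return "".join("\\x%02x" % b for b in raw)


def matching_encodings(payload, char=CHAR):
    """Return the encodings whose byte sequence for `char` occurs in payload."""
    hits = []
    for enc, raw in wire_bytes(char).items():
        # re.escape keeps bytes such as 0x5c or 0x2e from acting as regex syntax
        if re.search(re.escape(raw), payload):
            hits.append(enc)
    return hits


# Constructed sample payloads: the same text ("vote=" + 投票) in each encoding.
SAMPLES = {enc: ("vote=" + CHAR + "\u7968").encode(enc) for enc in ENCODINGS}


if __name__ == "__main__":
    for enc, raw in wire_bytes().items():
        print("%-10s pcre:\"/%s/\"" % (enc, pcre_literal(raw)))
    for enc, payload in SAMPLES.items():
        print("payload in %-10s matched by: %s" % (enc, matching_encodings(payload)))
```

Running the same check over the bytes extracted from a capture of the sample data shows which encoding, if any, the traffic actually uses before a rule is written for it.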