OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: mw01 on August 27, 2017, 04:09:38 pm

Title: Suricata Rule Parsing Errors
Post by: mw01 on August 27, 2017, 04:09:38 pm
We have been "testing" Suricata 4.0 and it works well.  Today, I was checking into TLS wrong version errors (daughter on facebook, andriod cell) and checked the logs.  There are parsing errors from abuse.ch.  For example, IDS Rules Apply, clog suricata.log | less first error:

27/8/2017 -- 09:32:29 - <Notice> - rule reload starting
27/8/2017 -- 09:32:35 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "^_<8B>^H" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 1

I recall, not all that long ago the ET ruleset parsing changed.