Author Topic: Suricata Rule Parsing Errors (Read 1887 times)

mw01 · « **on:** August 27, 2017, 04:09:38 pm »

We have been "testing" Suricata 4.0 and it works well. Today, I was checking into TLS wrong version errors (daughter on facebook, andriod cell) and checked the logs. There are parsing errors from abuse.ch. For example, IDS Rules Apply, clog suricata.log | less first error:

27/8/2017 -- 09:32:29 - <Notice> - rule reload starting
27/8/2017 -- 09:32:35 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "^_<8B>^H" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 1

I recall, not all that long ago the ET ruleset parsing changed.

Author Topic: Suricata Rule Parsing Errors (Read 1887 times)

mw01

Suricata Rule Parsing Errors