Error message in Suricata

jljb66 · August 30, 2018, 06:29:26 PM

trying to block Russia but running into error message using IDS

Aug 30 12:26:13 jsb-fw1 suricata: [100103] <Notice> -- This is Suricata version 4.0.5 RELEASE
Aug 30 12:26:13 jsb-fw1 suricata: [100135] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop ip any any -> any any (msg:"block russia"; geoip:src,RU ; sid:4294967294; rev:1;)" from file /usr/local/etc/suricata/opnsense.rules/OPNsense.rules at line 8
Aug 30 12:26:13 jsb-fw1 suricata: [100135] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.

jljb66 · August 31, 2018, 03:12:06 PM

here is line 8 from the rule

# -- User defined rules
drop ip any any -> any any (msg:"block russia"; geoip:src,RU ; sid:4294967294; rev:1;)

Error message in Suricata

jljb66

August 30, 2018, 06:29:26 PM

jljb66

August 31, 2018, 03:12:06 PM #1