SURICATA - <Error> - [ERRCODE: SC_ERR_DUPLICATE_SIG(176)]
When I run
sudo suricata -i enp0s8 -c suricata.yaml -s rules/misreglas.rules
I get this output:
<Error> - [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "drop http $HOME_NET any -> any any (msg: "HTTP DROP";)"
<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> any any (msg: "HTTP DROP";)" from file rules/misreglas.rules at line 1
Contents of misreglas.rules:
drop http $HOME_NET any -> any any (msg: "HTTP DROP";)
You have to write the rules like this:
drop ICMP any any -> 169.69.1.11 any (msg: "test";sid:10001;)
drop HTTP $HOME_NET any -> any any (msg: "HTTP DROP";sid:10002;)
Where I put the sid, you must put a sid that has not been used yet.
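A pre-flight check for the condition this answer fixes, written as an added example that is not part of the original question or answer: it flags rules with no sid and sids reused within one rules file. The function name `lint_rules` and the sample rules are constructed for illustration, and it assumes one rule per line.

```python
import re
from collections import defaultdict

# Rule actions recognised as the start of a signature line.
ACTIONS = ("alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth")
# Quoted option values (msg, content, ...) are blanked so a "sid:" inside text is ignored.
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
# The sid option itself, e.g. "(sid:10001;" or ";sid:10002;".
SID_RE = re.compile(r"[(;]\s*sid\s*:\s*(\d+)\s*;")


def lint_rules(text):
    """Return (line_number, problem) tuples for missing or reused sids."""
    problems = []
    seen = defaultdict(list)  # sid -> line numbers where it was declared
    for lineno, line in enumerate(text.splitlines(), start=1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank line or comment
        if rule.split(None, 1)[0].lower() not in ACTIONS:
            continue  # not a signature line
        match = SID_RE.search(QUOTED_RE.sub('""', rule))
        if match is None:
            problems.append((lineno, "missing sid"))
            continue
        sid = int(match.group(1))
        if seen[sid]:
            problems.append((lineno, f"sid {sid} already used on line {seen[sid][0]}"))
        seen[sid].append(lineno)
    return problems


# Constructed sample: the rule from the question, the two rules from the
# answer, and one extra rule that reuses a sid.
SAMPLE = '''\
# local rules (constructed sample)
drop http $HOME_NET any -> any any (msg: "HTTP DROP";)
drop icmp any any -> 169.69.1.11 any (msg: "test";sid:10001;)
drop http $HOME_NET any -> any any (msg: "HTTP DROP";sid:10002;)
drop http $HOME_NET any -> any any (msg: "sid:10003; in text";sid:10001;)
'''

if __name__ == "__main__":
    for lineno, problem in lint_rules(SAMPLE):
        print(f"line {lineno}: {problem}")
```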