Support #1362
closed
how to fix "no Modbus TCP config found, enabling Modbus detection on port 502" warning when starting suricata?
Added by Complex Integrations almost 10 years ago.
Updated almost 10 years ago.
Description
how do i fix this issue when starting suricata?
(app-layer-modbus.c:1362) <Warning> (RegisterModbusParsers) -- [ERRCODE: SC_ERR_MODBUS_CONFIG(241)] - no Modbus TCP config found, enabling Modbus detection on port 502.
Do you have a modbus section in your config? Under app-layer:
# Note: Modbus probe parser is minimalist due to the poor significant field
# Only Modbus message length (greater than Modbus header length)
# And Protocol ID (equal to 0) are checked in probing parser
# It is important to enable detection port and define Modbus port
# to avoid false positive
modbus:
# How many unreplied Modbus requests are considered a flood.
# If the limit is reached, app-layer-event:modbus.flooded; will match.
#request-flood: 500
enabled: yes
detection-ports:
dp: 502
# According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it
# is recommended to keep the TCP connection opened with a remote device
# and not to open and close it for each MODBUS/TCP transaction. In that
# case, it is important to set the depth of the stream reassembling as
# unlimited (stream.reassembly.depth: 0)
Victor Julien wrote:
Do you have a modbus section in your config? Under app-layer:
[...]
i do now. thx. fixed.
- Tracker changed from Bug to Support
- Status changed from New to Closed
Good to hear that, thanks.
Also available in: Atom
PDF