Project

General

Profile

Actions

Bug #1697

closed

byte_extract incompatibility with Snort.

Added by Jason Ish almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Test with TALOS subscriber ruleset, Feb. 7 2016.

Suricata fails to parse a rule with the error:

[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Base not specified for byte_extract, though string was specified.  The right options are (string, hex), (string, oct) or (string, dec)

And the relevant part of the rule being:

byte_extract:10,0,colspan,relative,string;
Actions

Also available in: Atom PDF