Feature #256
closedrule keyword 'fwsam'
Description
unknown rule keyword 'fwsam'
Exmple:
[9838] 20/12/2010 -- 11:50:14 - (detect-parse.c:655) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(100)] - unknown rule keyword 'fwsam'.
[9838] 20/12/2010 -- 11:50:14 - (detect.c:526) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert tcp [93.185.109.191,93.19.6.176,93.2.186.8,93.219.162.144,93.232.50.174,93.25.117.12,93.25.122.200,93.26.14.101,93.27.114.68,93.29.105.52] any -> $HOME_NET any (msg:"ET TOR Known Tor Exit Node TCP Traffic - BLOCKING (82)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2525162; rev:701; fwsam: src, 24 hours;)" from file /etc/suricata/rules/emerging-tor-BLOCK.rules at line 208
Updated by Victor Julien over 13 years ago
- Target version set to TBD
This would require us / someone to implement functionality similar to Snortsam.
Updated by Victor Julien about 13 years ago
- Assignee set to Anonymous
- Target version deleted (
TBD)
Updated by Victor Julien almost 13 years ago
- Status changed from New to Rejected
Now that barnyard2 1.10 beta 1 is adding support for Snortsam, there is no need for adding this support to our engine.