Support #3530
closed
Fail to start under Windows with [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature
Description
Sorry to bother you! I installed version 5.0.1 under Windows 10 correctly.
I have tested the yaml:
D:\suricata>suricata.exe -c suricata.yaml -T
[11412] 16/3/2020 -- 10:44:42 - (win32-service.c:53) <Info> (SCRunningAsService) -- Running as service: no
[11412] 16/3/2020 -- 10:44:42 - (suricata.c:1905) <Info> (ParseCommandLine) -- Running suricata under test mode
[11412] 16/3/2020 -- 10:44:42 - (suricata.c:1083) <Notice> (LogVersion) -- This is Suricata version 5.0.1 RELEASE running in SYSTEM mode
[11412] 16/3/2020 -- 10:44:42 - (suricata.c:3060) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.
Issuing the initial test command: suricata.exe -c suricata.yaml -s D:\suricata\rules\local.rules -i 192.168.0.105
I get the following two repeating error types: SC_ERR_DUPLICATE_SIG(176) - Duplicate signature
SC_ERR_INVALID_SIGNATURE(39) - error parsing signature
D:\suricata>suricata.exe -c suricata.yaml -s D:\suricata\rules\local.rules -i 192.168.0.105
[4308] 16/3/2020 -- 10:29:17 - (win32-service.c:53) <Info> (SCRunningAsService) -- Running as service: no
[4308] 16/3/2020 -- 10:29:20 - (suricata.c:1152) <Info> (ParseCommandLinePcapLive) -- translated 192.168.0.105 to pcap device \Device\NPF_{1ED6D1E9-B4CD-4389-9DDE-DE78FFB2D2B2}
[4308] 16/3/2020 -- 10:29:20 - (suricata.c:1083) <Notice> (LogVersion) -- This is Suricata version 5.0.1 RELEASE running in SYSTEM mode
[4308] 16/3/2020 -- 10:29:20 - (tm-threads.c:2164) <Notice> (TmThreadWaitOnThreadInit) -- all 5 packet processing threads, 4 management threads initialized, engine started.
[4308] 16/3/2020 -- 10:29:20 - (detect-engine.c:4007) <Notice> (DetectEngineReload) -- rule reload starting
[4308] 16/3/2020 -- 10:29:20 - (detect-parse.c:2310) <Error> (DetectEngineAppendSig) -- [ERRCODE: SC_ERR_DUPLICATE_SIG(176)] - Duplicate signature "alert http any any -> $EXTERNAL_NET any (msg:"hit baidu.com...";content:"baidu"; reference:url, www.baidu.com; sid:2229998; rev:2;)"
[4308] 16/3/2020 -- 10:29:20 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert http any any -> $EXTERNAL_NET any (msg:"hit baidu.com...";content:"baidu"; reference:url, www.baidu.com; sid:2229998; rev:2;)" from file D:\suricata\rules\local.rules at line 1
[4308] 16/3/2020 -- 10:29:20 - (detect-engine.c:4078) <Notice> (DetectEngineReload) -- rule reload complete
[4308] 16/3/2020 -- 10:29:20 - (suricata.c:2592) <Notice> (PostRunStartedDetectSetup) -- Signature(s) loaded, Detect thread(s) activated.
I have noticed the same problem as mine reported before, but I didn't find the exact way to solve it. As I am a newbie to Suricata IDS, can you suggest possible corrections to have it start up properly?