Bug #374

closed

Suricata on Windows - empty lines in rule files

Added by Peter Manev almost 11 years ago. Updated almost 11 years ago.

Status: Closed
Priority: Normal

Description

There is an issue if there are empty lines in any rule file when running Suricata under Windows - it is reported as a rule parsing err:
[4688] 11/11/2011 -- 11:04:39 - (flow.c:954) <Info> (FlowInitConfig) -- flow memory usage: 1844288 bytes, maximum: 33554432
" from file c:/suricata/rules/decoder-events.rules at line 2ct*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line *11t*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line *77t*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 78tLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 49ctLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 50ctLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
[4688] 11/11/2011 -- 11:04:39 - (detect.c:631) <Info> (SigLoadSignatures) -- 2 rule files processed. 120 rules succesfully loaded, *6 rules failed

but those are actually empty lines.

Also, if suricata.log is enabled it still reports the same thing, but it reports the line number correctly, as opposed to the Windows cmd output:

4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 2
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 11
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 77
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 78
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 49
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 50


Files

suricata.log (7.72 KB) Peter Manev, 11/11/2011 04:20 AM
Capture.PNG (30.2 KB) Peter Manev, 11/11/2011 04:20 AM
Actions #1

Updated by Victor Julien almost 11 years ago

  • Subject changed from Suricata on Windows - empty lines in rue files to Suricata on Windows - empty lines in rule files
  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 1.2

Likely an issue with Windows-style newlines, I'll have a look.

Actions #2

Updated by Victor Julien almost 11 years ago

It is indeed the issue I thought it was. Peter, can you check out all other files we read to see if they have the same issue? Thinking classification, reference, threshold, yaml, etc here.

Actions #3

Updated by Peter Manev almost 11 years ago

classification, reference, threshold and yaml do not have that problem.

Actions #4

Updated by Victor Julien almost 11 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 1.2 to 1.2beta1
  • % Done changed from 0 to 100

Fixed in my tree, will push it out soon.
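The failure mode discussed in this ticket, shown as an added example that is not part of the original thread and is not Suricata's loader or the actual fix: a line reader that tests for blank lines before stripping the line ending treats the "\r\n" of an empty CRLF line as a signature. The function names, the buffer size and the sample rule text are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a rule file saved with Windows (CRLF) line endings. */
static const char SAMPLE_CRLF[] =
    "# constructed sample rules\r\n"
    "\r\n"
    "alert tcp any any -> any any (msg:\"constructed sample\"; sid:1000001; rev:1;)\r\n"
    "\r\n";

/* Hypothetical helper, not a Suricata function: drop trailing CR, LF and
 * other whitespace in place so a blank CRLF line becomes an empty string. */
static void rstrip_eol(char *line)
{
    size_t len = strlen(line);
    while (len > 0 && isspace((unsigned char)line[len - 1]))
        line[--len] = '\0';
}

/* Count the lines that would be handed to the signature parser.
 * strip_eol == 0: only "", a leading '\n' or '#' is skipped, so the "\r\n"
 * of a blank CRLF line counts as a rule; != 0: endings are stripped first. */
int count_candidate_rules(const char *text, int strip_eol)
{
    char line[8192];
    int candidates = 0;
    while (*text != '\0') {
        /* Take one line including its '\n', as fgets() would return it. */
        size_t n = strcspn(text, "\n");
        n += (text[n] == '\n');
        size_t copy = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        memcpy(line, text, copy);
        line[copy] = '\0';
        text += n;
        if (strip_eol)
            rstrip_eol(line);
        if (line[0] == '\0' || line[0] == '\n' || line[0] == '#')
            continue;
        candidates++;
    }
    return candidates;
}

int main(void)
{
    printf("candidate rules: %d unstripped, %d stripped\n", count_candidate_rules(SAMPLE_CRLF, 0), count_candidate_rules(SAMPLE_CRLF, 1));
    return 0;
}
```

Running the same check over every rule file before deployment shows whether a sensor would silently count blank lines as failed rules after files were edited or transferred on Windows.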
