Bug #374
closedSuricata on Windows - empty lines in rule files
Description
There is an issue if there are ampty lines in any rule file , when running Suricata under Windows - it is reported as a rule parsing err:
[4688] 11/11/2011 -- 11:04:39 - (flow.c:954) <Info> (FlowInitConfig) -- flow memory usage: 1844288 bytes, maximum: 33554432
" from file c:/suricata/rules/decoder-events.rules at line 2ct*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line *11t*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line *77t*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 78tLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 49ctLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 50ctLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
[4688] 11/11/2011 -- 11:04:39 - (detect.c:631) <Info> (SigLoadSignatures) -- 2 rule files processed. 120 rules succesfully loaded, *6 rules failed
but those are actually empty lines.
Also -
If suricata.log is enabled it still reports the same thing , but it reports the line number correctly as opposed to win cmd output:
4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 2
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 11
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 77
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 78
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 49
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 50
Files
Updated by Victor Julien about 13 years ago
- Subject changed from Suricata on Windows - empty lines in rue files to Suricata on Windows - empty lines in rule files
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 1.2
Likely an issue with windows style newlines, I'll have a look.
Updated by Victor Julien about 13 years ago
It is indeed the issue I thought it was. Peter, can you check out all other files we read to see if they have the same issue? Thinking classification, reference, threshold, yaml, etc here.
Updated by Peter Manev about 13 years ago
classification, reference, threshold and yaml do not have that problem.
Updated by Victor Julien about 13 years ago
- Status changed from Assigned to Closed
- Target version changed from 1.2 to 1.2beta1
- % Done changed from 0 to 100
Fixed in my tree, will push it out soon.