Project

General

Profile

Actions

Bug #374

closed

Suricata on Windows - empty lines in rule files

Added by Peter Manev over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

There is an issue if there are ampty lines in any rule file , when running Suricata under Windows - it is reported as a rule parsing err:
[4688] 11/11/2011 -- 11:04:39 - (flow.c:954) <Info> (FlowInitConfig) -- flow memory usage: 1844288 bytes, maximum: 33554432
" from file c:/suricata/rules/decoder-events.rules at line 2ct*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line *11t*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line *77t*LoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 78tLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 49ctLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 50ctLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
[4688] 11/11/2011 -- 11:04:39 - (detect.c:631) <Info> (SigLoadSignatures) -- 2 rule files processed. 120 rules succesfully loaded, *6 rules failed

but those are actually empty lines.

Also -
If suricata.log is enabled it still reports the same thing , but it reports the line number correctly as opposed to win cmd output:

4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 2
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 11
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 77
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/decoder-events.rules at line 78
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 49
[4688] 11/11/2011 -- 11:04:39 - (detect.c:499) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "
" from file c:/suricata/rules/stream-events.rules at line 50


Files

suricata.log (7.72 KB) suricata.log Peter Manev, 11/11/2011 04:20 AM
Capture.PNG (30.2 KB) Capture.PNG Peter Manev, 11/11/2011 04:20 AM
Actions

Also available in: Atom PDF