Bug #4377
64 Character Limit on IP for thresholding.conf
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Hi All,
This is Josh from the Security Onion team. We have recently upgraded to 6.0.1, and a user has reported an issue (https://github.com/Security-Onion-Solutions/securityonion/discussions/3248) with a character limit for the IP in thresholding.conf that didn't exist previously.
Previously, the following rule would work:
suppress gen_id 1, sig_id 2100371, track by_dst, ip 1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,5.5.5.5,6.6.6.6,7.7.7.7,81.8.8.8
However, on 6.0.1, we receive an error in the log when running the same rule:
<Error> - [ERRCODE: SC_ERR_PCRE_COPY_SUBSTRING(325)] - pcre_copy_substring failed
Any insight on this issue would be greatly appreciated.
Thank you.
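A pre-upgrade check for the problem reported above, as an added example that is not part of the original report or of Suricata's own code: it scans thresholding.conf text for suppress lines whose ip field is 64 characters or longer. The 64-character threshold is an assumption taken from the issue title and from the reported rule, whose ip list is exactly 64 characters; the function name and the sample file content other than the reported rule are constructed.

```python
import re

# Assumption: threshold taken from the issue title. The rule in the report has
# an ip field of exactly 64 characters and fails, so 64 and above is flagged.
IP_FIELD_LIMIT = 64

# Matches the suppress syntax shown in the report:
#   suppress gen_id <gid>, sig_id <sid>, track by_<...>, ip <address list>
SUPPRESS_RE = re.compile(
    r"^\s*suppress\s+gen_id\s+(?P<gid>\d+)\s*,\s*sig_id\s+(?P<sid>\d+)\s*,"
    r"\s*track\s+(?P<track>by_\w+)\s*,\s*ip\s+(?P<ip>\S.*?)\s*$"
)

def audit_suppress_lines(text, limit=IP_FIELD_LIMIT):
    """Return one finding per suppress line whose ip field is >= limit chars."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore comments and commented-out rules
        m = SUPPRESS_RE.match(line)
        if not m:
            continue
        ip_field = m.group("ip")
        if len(ip_field) >= limit:
            findings.append({
                "line": lineno,
                "gen_id": m.group("gid"),
                "sig_id": m.group("sid"),
                "ip_length": len(ip_field),
                "entries": len([p for p in ip_field.split(",") if p.strip()]),
            })
    return findings

# Constructed sample file: line 2 is the rule from the report, the rest is made up.
SAMPLE = """\
# local suppressions
suppress gen_id 1, sig_id 2100371, track by_dst, ip 1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,5.5.5.5,6.6.6.6,7.7.7.7,81.8.8.8
suppress gen_id 1, sig_id 2100366, track by_src, ip 10.0.0.0/8
# suppress gen_id 1, sig_id 2100367, track by_dst, ip 1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4,5.5.5.5,6.6.6.6,7.7.7.7,8.8.8.8,9.9.9.9
"""

if __name__ == "__main__":
    for f in audit_suppress_lines(SAMPLE):
        print("line {line}: sig_id {sig_id} ip field is {ip_length} chars "
              "({entries} entries)".format(**f))
```

A flagged line is a suppression that may fail to load after the upgrade, so the alerts it was meant to silence would reappear.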