Project

General

Profile

Actions

Bug #920

closed

Suricata failed to parse address

Added by Paolo Dangeli over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

I want to check subnet but exclude one ip .

I've read a documentation at https://redmine.openinfosecfoundatio...Suricata_Rules and report this example :

[10.0.0.0/24, !10.0.0.5] (10.0.0.0/24 except for 10.0.0.5)

Now, in my suricata configuration I've set HOME_NET wit :

HOME_NET: "[10.10.10.0/24, !10.10.10.247]"

But, when I start suricata receive this error :

12/8/2013 -- 08:56:09 - <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address " 10.10.10.247"
12/8/2013 -- 08:56:09 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "HOME_NET" with value "[10.10.10.0/24, !10.10.10.247]". Please check it's syntax
12/8/2013 -- 08:56:09 - <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /etc/suricata/suricata.yaml for errors

I've Suricata version 1.4.5 RELEASE and same problem with Suricata version 2.0dev (rev ff668c2).

How can I exclude one ip from check, what is correct syntax .

Thanks

Actions

Also available in: Atom PDF