
List:       oisf-users
Subject:    Re: [Oisf-users] making progress on my suricata config but.. ;)
From:       Peter Manev <petermanev () gmail ! com>
Date:       2014-09-26 9:10:32
Message-ID: CAMhe82KKQVJuFgTC5sthxD0b4rYRdzu31dxU6RQ+=zOg0Yoaxg () mail ! gmail ! com

On Tue, Sep 23, 2014 at 5:00 AM, Russell Fulton <r.fulton@auckland.ac.nz> wrote:
> I recently upgraded suri to 2.0.3 via the SO package. (I also got the right rule
> tarball eventually ;) I think...
> Naively I simply used my old config and I quickly noticed that a whole lot of rules
> were not triggering. I discovered that there is now an app-layer section in the
> yaml file and copying that from the SO supplied template resulted in a great
> improvement.
> One question: Is there a definitive list of all the options in the yaml file? I
> have been using https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
> but this does not have app-layer: nor does it have host:. I also note that in my
> rule directory for 2.0.3 there is a 1.3-suricata.yaml but no 2.0.3. How can I
> check that I really have the right tarball? If I don't then that would explain the
> odd error that I reported earlier with a rule generating errors.

One way to do it: have a look at the ChangeLog file in the tarball.

> 
> I now have one obvious hole: none of the udp signatures are being triggered.
> 
> Is there anything that I could have broken in the config that would disable all udp
> rules?
> Russell
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/



-- 
Regards,
Peter Manev

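Putting the two checks from this thread into a script (added here as an example; not code from the thread or from the Suricata project): read the release named at the top of the tarball's ChangeLog, and list the enabled flag of every protocol under the app-layer: section of a suricata.yaml, which is where a protocol such as DNS over UDP can be silently switched off. File paths are assumptions, and the tarball and yaml are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: report which Suricata release a rules tarball's
# ChangeLog names, and the enabled flag of each protocol under app-layer: in a
# suricata.yaml. Paths are assumptions; sample files are constructed below to run offline.
# Newest release in the tarball's ChangeLog (entries read "<version> -- <date>").
tarball_version() {
    member=$(tar -tzf "$1" | grep -E '(^|/)ChangeLog$' | head -n 1)
    [ -n "$member" ] || { echo "no ChangeLog in $1" >&2; return 1; }
    tar -xzOf "$1" "$member" | awk '/^[0-9]+\.[0-9]+/ { print $1; exit }'
}
# Print "<proto>[/<sub>] <yes|no>" for every enabled: key under app-layer:. Assumes the
# two-space indentation of the stock suricata.yaml; no YAML library needed.
yaml_app_layer_status() {
    grep -q '^app-layer:' "$1" || { echo "app-layer: section missing in $1" >&2; return 1; }
    awk '
        /^app-layer:/ { inside = 1; next }
        inside && /^[^ #]/ { inside = 0 }
        !inside { next }
        { match($0, /^ */); d = RLENGTH; line = $0; sub(/^ */, "", line) }
        line ~ /^[a-z0-9-]+: *$/ { key = line; sub(/:.*/, "", key); keys[d] = key }
        line ~ /^enabled:/ {
            path = ""
            for (i = 4; i < d; i += 2) path = path (path == "" ? "" : "/") keys[i]
            print path, $2
        }
    ' "$1"
}
# Constructed sample data (not real release files).
WORK=$(mktemp -d)
mkdir -p "$WORK/rules"
printf '2.0.3 -- 2014-09-22\n- Bug fixes\n\n2.0.2 -- 2014-06-25\n' > "$WORK/rules/ChangeLog"
tar -czf "$WORK/rules.tar.gz" -C "$WORK" rules
cat > "$WORK/suricata.yaml" <<'EOF'
app-layer:
  protocols:
    tls:
      enabled: yes
    dns:
      udp:
        enabled: no
      tcp:
        enabled: yes
    http:
      enabled: yes
host-mode: auto
EOF
echo "rules tarball targets Suricata $(tarball_version "$WORK/rules.tar.gz")"
yaml_app_layer_status "$WORK/suricata.yaml"   # "dns/udp no" here would explain silent UDP DNS rules
```

Run it against the real rules tarball and the yaml Suricata actually loads (check the path with `suricata --build-info` or your init script) rather than the sample files.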
