Optimization #3429 (closed)
improve err msg for dataset rules parsing
Effort: low
Difficulty: low
Label:
Description
Might be helpful to the end user if the err message is a step more descriptive where the error is. In the example below I forgot to add
,type string;
to the "dataset" stanza. Maybe something like - "No dataset type specified" or similar.
/opt/suritest/bin/suricata -V
This is Suricata version 5.0.2-dev (700eebaec 2019-12-21)

sudo /opt/suritest/bin/suricata -l log/ -S /opt/suritest/var/lib/suricata/rules/http-abuse-hostnames-dataset.rules -T
[359272] 31/12/2019 -- 14:48:42 - (suricata.c:1905) <Info> (ParseCommandLine) -- Running suricata under test mode
[359272] 31/12/2019 -- 14:48:42 - (suricata.c:1083) <Notice> (LogVersion) -- This is Suricata version 5.0.2-dev (700eebaec 2019-12-21) running in SYSTEM mode
[359272] 31/12/2019 -- 14:48:42 - (datasets.c:417) <Notice> (DatasetGet) -- dataset and datarep features are experimental and subject to change
[359272] 31/12/2019 -- 14:48:42 - (datasets.c:455) <Error> (DatasetGet) -- [ERRCODE: SC_ERR_DATASET(322)] - dataset base64hostnames.list not defined
[359272] 31/12/2019 -- 14:48:42 - (detect-dataset.c:377) <Error> (DetectDatasetSetup) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - failed to set up dataset 'base64hostnames.list'.
[359272] 31/12/2019 -- 14:48:42 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "pass http $HOME_NET any -> any any (msg:"StamusN whitelisted HTTP hostname - Abuse URLs "; http.host; dataset:set,base64hostnames.list; bypass; sid:4444; rev:1; )" from file /opt/suritest/var/lib/suricata/rules/http-abuse-hostnames-dataset.rules at line 1
[359272] 31/12/2019 -- 14:48:42 - (detect-engine-loader.c:345) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rule was loaded at all!
[359272] 31/12/2019 -- 14:48:42 - (suricata.c:2478) <Error> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.

sudo cat /opt/suritest/var/lib/suricata/rules/http-abuse-hostnames-dataset.rules
pass http $HOME_NET any -> any any (msg:"StamusN whitelisted HTTP hostname - Abuse URLs "; http.host; dataset:set,base64hostnames.list; bypass; sid:4444; rev:1; )

sudo head -5 /opt/suritest/var/lib/suricata/rules/base64hostnames.list
MTc3LjEyNS4zNy4xNTYK
MTcyLjM2LjE0LjExMAo=
MjIyLjE4Ny4xNjUuMjQ1Cg==
MS4yNDYuMjIzLjEyNwo=
MTgwLjEyNC4yNi44Mwo=
...
...
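A pre-load check that produces the kind of message requested in this report, as an added example (not Suricata's code and not part of the original issue). It assumes one rule per line and that `declared` holds dataset names already defined under `datasets:` in suricata.yaml; `lint_rules` and the sample variants are hypothetical names.

```python
import re

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')          # quoted values such as msg:"..."
DATASET = re.compile(r'\bdataset\s*:\s*([^;]*);')  # dataset:<cmd>,<name>[,<option>...];
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def lint_rules(text, declared=frozenset()):
    """Return (line_no, sid, message) for each dataset keyword that has no type."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue
        # Blank out quoted strings so "dataset:" inside a msg is not parsed.
        bare = QUOTED.sub('""', rule)
        sid_m = SID.search(bare)
        sid = int(sid_m.group(1)) if sid_m else None
        for m in DATASET.finditer(bare):
            fields = [f.strip() for f in m.group(1).split(",")]
            if len(fields) < 2 or not fields[1]:
                findings.append((line_no, sid, "dataset keyword needs a command and a name"))
                continue
            name = fields[1]
            # Options look like "type string"; collect only the option names.
            keys = {f.split(None, 1)[0] for f in fields[2:] if f}
            if "type" not in keys and name not in declared:
                findings.append((line_no, sid,
                    f"No dataset type specified for '{name}': add ',type <type>' "
                    "to the rule or declare the dataset in suricata.yaml"))
    return findings

# The rule from the report, followed by constructed variants.
PAGE_RULE = ('pass http $HOME_NET any -> any any (msg:"StamusN whitelisted HTTP hostname'
             ' - Abuse URLs "; http.host; dataset:set,base64hostnames.list; bypass;'
             ' sid:4444; rev:1; )')
FIXED_RULE = PAGE_RULE.replace("base64hostnames.list;", "base64hostnames.list,type string;")
QUOTED_ONLY = 'alert http any any -> any any (msg:"mentions dataset:set,x; here"; sid:4445; rev:1;)'
SAMPLE = "\n".join(["# constructed sample rule file", PAGE_RULE, FIXED_RULE, QUOTED_ONLY])

if __name__ == "__main__":
    for line_no, sid, message in lint_rules(SAMPLE):
        print(f"line {line_no} (sid {sid}): {message}")
```
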