Bug #3536
closed
Added by Kenneth Kolano over 4 years ago.
Updated about 4 years ago.
Description
I'm getting a "Bad number of arguments." error when launching Suricata-update, even if no parameters are specified in the command...
sudo suricata-update
Traceback (most recent call last):
  File "/usr/bin/suricata-update", line 33, in <module>
    sys.exit(main.main())
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 1515, in main
    sys.exit(_main())
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 1318, in _main
    modify_filters += load_filters(modify_conf_filename)
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 451, in load_filters
    filter = ModifyRuleFilter.parse(line)
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 272, in parse
    raise Exception("Bad number of arguments.")
Exception: Bad number of arguments.
sudo suricata-update -V
suricata-update version 1.0.6
Full Output beyond just the error quoted above...
17/3/2020 -- 10:11:20 - <Info> -- Loading /etc/suricata/update.yaml
17/3/2020 -- 10:11:20 - <Info> -- Using data-directory /var/lib/suricata.
17/3/2020 -- 10:11:20 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
17/3/2020 -- 10:11:20 - <Info> -- Using /etc/suricata/rules for Suricata provided rules.
17/3/2020 -- 10:11:20 - <Info> -- Found Suricata version 4.1.6 at /usr/bin/suricata.
17/3/2020 -- 10:11:20 - <Info> -- Loading /etc/suricata/disable.conf.
17/3/2020 -- 10:11:20 - <Info> -- Loading /etc/suricata/enable.conf.
17/3/2020 -- 10:11:20 - <Info> -- Loading /etc/suricata/modify.conf.
Traceback (most recent call last):
  File "/usr/bin/suricata-update", line 33, in <module>
    sys.exit(main.main())
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 1515, in main
    sys.exit(_main())
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 1318, in _main
    modify_filters += load_filters(modify_conf_filename)
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 451, in load_filters
    filter = ModifyRuleFilter.parse(line)
  File "/usr/bin/../lib/python2.7/site-packages/suricata/update/main.py", line 272, in parse
    raise Exception("Bad number of arguments.")
Exception: Bad number of arguments.
This is reporting an error while parsing your modify.conf, in a not very user-friendly way (which we should address). For now, can you post your modify.conf as well?
Ah, thanks.
So it was having trouble with this line intended to backtrack rules using tls.cert_subject back to the 4.x format.
re:"tls.cert_subject" "tls_cert_subject"
The syntax for "re" modifications in modify.conf could also be better documented. The only coverage currently seems to be...
# Change all trojan-activity rules to drop. Its better to setup a
# drop.conf for this, but this does show the use of back references.
#re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
...but it's unclear how to perform a re not restricted to a particular classtype.
- Status changed from New to Assigned
- Target version set to 1.2.0
- Copied to Bug #3619: 1.1.x: Bad number of arguments. added
- Copied to Bug #3625: 1.0.x: Bad number of arguments. added
- Status changed from Assigned to Closed
- Assignee changed from Shivani Bhardwaj to Jason Ish
- Target version changed from 1.2.0 to 1.2.0rc1
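An added example, not suricata-update's own code: a pre-flight check for modify.conf that names the offending line instead of raising a bare exception. It assumes each entry is three shell-style tokens (matcher, search regex, replacement), as in the sample entry quoted in this ticket, and that a `re:` matcher is itself a regular expression; `lint_modify_conf` and `SAMPLE` are hypothetical names.

```python
import re
import shlex

# Constructed sample: the two modify.conf entries quoted in this ticket.
SAMPLE = r'''# Constructed sample for the linter below.
re:classtype:trojan-activity "(alert)(.*)" "drop\\2"
re:"tls.cert_subject" "tls_cert_subject"
'''


def lint_modify_conf(text):
    """Return [(line_number, message)] for entries that do not fit the
    assumed three-field form: <matcher> "<search regex>" "<replacement>"."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not entries
        try:
            tokens = shlex.split(line)  # shell-style quoting, as in the sample
        except ValueError as err:  # e.g. an unbalanced quote
            problems.append((lineno, "cannot tokenize: %s" % err))
            continue
        if len(tokens) != 3:
            problems.append(
                (lineno, "expected 3 fields, got %d: %r" % (len(tokens), tokens)))
            continue
        matcher, search, _replacement = tokens
        # Assumption: the text after "re:" and the search field are regexes.
        patterns = [search]
        if matcher.startswith("re:"):
            patterns.append(matcher[3:])
        for pattern in patterns:
            try:
                re.compile(pattern)
            except re.error as err:
                problems.append((lineno, "bad regex %r: %s" % (pattern, err)))
    return problems


if __name__ == "__main__":
    for lineno, message in lint_modify_conf(SAMPLE):
        print("modify.conf:%d: %s" % (lineno, message))
```

On the constructed sample, only the `tls.cert_subject` entry is flagged: quoting the matcher merges it into one token, leaving two fields where three are expected.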