Upgrading from Suricata 2.0beta to Suricata 2.0
During the 2.0 development cycle, a few things were changed around.
DNS config
Early in the 2.0beta cycle we had:

    app-layer:
      protocols:
        dnstcp:
          enabled: yes
          detection-ports:
            tcp:
              toserver: 53
        dnsudp:
          enabled: yes
          detection-ports:
            udp:
              toserver: 53

In 2.0rc1 this changed to:

    app-layer:
      protocols:
        dns:
          tcp:
            enabled: yes
            detection-ports:
              toserver: 53
          udp:
            enabled: yes
            detection-ports:
              toserver: 53

In 2.0rc1, loading dns-events.rules would fail with this error:

    [10054] 13/2/2014 -- 16:58:51 - (detect-app-layer-event.c:232) <Error> (DetectAppLayerEventSetupP2) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - App layer event setup phase2 failure.
    [10054] 13/2/2014 -- 16:58:51 - (detect-parse.c:1536) <Error> (SigInitHelper) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature parsing failed: "alert dns any any -> any any (msg:"SURICATA DNS Unsollicited response"; flow:to_client;

The solution is to make the configuration change shown above.
The next release will handle this more gracefully.
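
The layout change above can be checked for and applied mechanically. The following is an added example, not part of the Suricata documentation or code: it assumes the configuration has already been parsed into nested dicts by a YAML loader, and the function names are hypothetical.

```python
import copy

# Old 2.0beta key -> transport name used under the 2.0rc1 "dns" section.
LEGACY_KEYS = {"dnstcp": "tcp", "dnsudp": "udp"}


def find_legacy_dns_keys(cfg):
    """Return the 2.0beta DNS keys still present under app-layer.protocols."""
    protocols = (cfg.get("app-layer") or {}).get("protocols") or {}
    return sorted(k for k in LEGACY_KEYS if k in protocols)


def migrate_dns_config(cfg):
    """Return a copy of cfg with dnstcp/dnsudp rewritten to dns.tcp/dns.udp."""
    out = copy.deepcopy(cfg)
    protocols = (out.get("app-layer") or {}).get("protocols")
    if not protocols:
        return out
    for old_key, transport in LEGACY_KEYS.items():
        if old_key not in protocols:
            continue
        old = protocols.pop(old_key) or {}
        dns = protocols.setdefault("dns", {})
        if transport in dns:
            # Both layouts present: refuse to guess which one is intended.
            raise ValueError(f"both {old_key} and dns.{transport} are configured")
        new = {k: v for k, v in old.items() if k != "detection-ports"}
        ports = old.get("detection-ports") or {}
        # Old layout nests ports under the transport name; new layout does not.
        if transport in ports:
            new["detection-ports"] = copy.deepcopy(ports[transport])
        dns[transport] = new
    return out


# Constructed sample: the 2.0beta layout from this page, as a YAML loader
# would return it ("yes" parsed as True).
BETA_CFG = {"app-layer": {"protocols": {
    "dnstcp": {"enabled": True, "detection-ports": {"tcp": {"toserver": 53}}},
    "dnsudp": {"enabled": True, "detection-ports": {"udp": {"toserver": 53}}},
}}}

if __name__ == "__main__":
    print("legacy keys:", find_legacy_dns_keys(BETA_CFG))
    print(migrate_dns_config(BETA_CFG))
```

Running `find_legacy_dns_keys` against a deployed configuration before upgrading shows whether the DNS event rules would fail to load with the error above.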