Closed esmelnikov closed 7 years ago
On 30 Apr 2017, at 09:30, Eduard notifications@github.com wrote:
Hello! After removing the source of "ETOpen Ruleset" due to errors: SC_ERR_UNKNOWN_DECODE_EVENT: unknown decode event "decoder.ipv4.frag_too_large" SC_ERR_INVALID_SIGNATURE: error parsing signature "alert pkthdr any any -> any any (msg:" SURICATA FRAG IPv4 Packet size too large "; decode-event: ipv4.frag_too_large; sid: 2200069; rev: 1;)" SC_ERR_UNKNOWN_DECODE_EVENT: unknown decode event "decoder.ipv6.frag_too_large" SC_ERR_INVALID_SIGNATURE: error parsing signature "alert pkthdr any any -> any any (msg:" SURICATA FRAG IPv6 Packet size too large "; decode-event: ipv6.frag_too_large; sid: 2200071; rev: 1;)"
I'm trying to add this source again, but I get the following error:
How to fix the error?
Does the ETOpen ruleset page open from your browser ? It looks like may have been temporarily down ...
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
The source "ETOpen Ruleset" was available in the browser, but it still could not be updated. If you remove the source before upgrading to SELKS 4, then there is no problem with the subsequent addition.
You can still remove it and add it in after the SELKS 4 upgrade correct?
No, I deleted and created the source before upgrading to SELKS 4. After the update, I could not do it. But if you re-create the source in SELKS 3, then in SELKS 4 with this source you can work without problems, i.e. Delete and create a new one.
Thank you for the feedback!
Hello! After removing the source of "ETOpen Ruleset" due to errors: SC_ERR_UNKNOWN_DECODE_EVENT: unknown decode event "decoder.ipv4.frag_too_large" SC_ERR_INVALID_SIGNATURE: error parsing signature "alert pkthdr any any -> any any (msg:" SURICATA FRAG IPv4 Packet size too large "; decode-event: ipv4.frag_too_large; sid: 2200069; rev: 1;)" SC_ERR_UNKNOWN_DECODE_EVENT: unknown decode event "decoder.ipv6.frag_too_large" SC_ERR_INVALID_SIGNATURE: error parsing signature "alert pkthdr any any -> any any (msg:" SURICATA FRAG IPv6 Packet size too large "; decode-event: ipv6.frag_too_large; sid: 2200071; rev: 1;)"
I'm trying to add this source again, but I get the following error:
How to fix the error?