brimdata / build-suricata

Build Suricata for packaging with Brim

Suricata outputs [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] errors #34

Closed henridf closed 3 years ago

henridf commented 3 years ago

Suricata currently outputs errors about protocol modbus being disabled. Logs are still processed and output ok, but we should fix the configuration so it doesn't.

20/11/2020 -- 18:46:01 - <Notice> - This is Suricata version 5.0.3 RELEASE running in USER mode
20/11/2020 -- 18:46:01 - <Info> - CPUs/cores online: 8
20/11/2020 -- 18:46:01 - <Info> - No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
20/11/2020 -- 18:46:01 - <Info> - eve-log output device (regular) initialized: eve.json
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Request flood detected";        app-layer-event:dnp3.flooded; classtype:protocol-command-decode; sid:2270000; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 123
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Length too small";        app-layer-event:dnp3.len_too_small; classtype:protocol-command-decode; sid:2270001; rev:3;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 124
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad link CRC";        app-layer-event:dnp3.bad_link_crc; classtype:protocol-command-decode; sid:2270002; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 125
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad transport CRC";        app-layer-event:dnp3.bad_transport_crc; classtype:protocol-command-decode; sid:2270003; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 126
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Unknown object";        app-layer-event:dnp3.unknown_object; classtype:protocol-command-decode; sid:2270004; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 127
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Protocol version"; app-layer-event:modbus.invalid_protocol_id; classtype:protocol-command-decode; sid:2250001; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 224
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus unsolicited response"; app-layer-event:modbus.unsolicited_response; classtype:protocol-command-decode; sid:2250002; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 225
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Length"; app-layer-event:modbus.invalid_length; classtype:protocol-command-decode; sid:2250003; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 226
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Unit Identifier"; app-layer-event:modbus.invalid_unit_identifier; classtype:protocol-command-decode; sid:2250004; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 227
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Function code"; app-layer-event:modbus.invalid_function_code; classtype:protocol-command-decode; sid:2250005; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 228
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Value"; app-layer-event:modbus.invalid_value; classtype:protocol-command-decode; sid:2250006; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 229
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Exception code invalid"; flow:to_client; app-layer-event:modbus.invalid_exception_code; classtype:protocol-command-decode; sid:2250007; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 230
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Data mismatch"; flow:to_client; app-layer-event:modbus.value_mismatch; classtype:protocol-command-decode; sid:2250008; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 231
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
20/11/2020 -- 18:46:01 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Request flood detected"; flow:to_server; app-layer-event:modbus.flooded; classtype:protocol-command-decode; sid:2250009; rev:2;)" from file /Users/henridf/work/brim/zq/bin/suricata-v5.0.3-brim13/var/lib/suricata/rules/suricata.rules at line 232
20/11/2020 -- 18:46:02 - <Info> - 1 rule files processed. 21336 rules successfully loaded, 14 rules failed
20/11/2020 -- 18:46:02 - <Info> - Threshold config parsed: 0 rule(s) found
20/11/2020 -- 18:46:02 - <Info> - 21339 signatures processed. 1453 are IP-only rules, 4007 are inspecting packet payload, 15650 inspect application layer, 103 are decoder event only
20/11/2020 -- 18:46:09 - <Notice> - all 1 packet processing threads, 2 management threads initialized, engine started.
20/11/2020 -- 18:46:09 - <Info> - Starting file run for -
20/11/2020 -- 18:46:09 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
20/11/2020 -- 18:46:09 - <Info> - pcap file - end of file reached (pcap err code 0)
20/11/2020 -- 18:46:09 - <Notice> - Signal Received.  Stopping engine.
20/11/2020 -- 18:46:09 - <Info> - time elapsed 0.056s
20/11/2020 -- 18:46:09 - <Notice> - Pcap-file module read 1 files, 2000 packets, 705670 bytes
20/11/2020 -- 18:46:09 - <Info> - Alerts: 0
20/11/2020 -- 18:46:09 - <Info> - cleaning up signature grouping structure... complete

philrz commented 3 years ago

Same for the dnp3 ones?

henridf commented 3 years ago

@philrz yes same for the dnp3 ones.

henridf commented 3 years ago

This only occurs after suricataupdater has run (which is why I only noticed this recently).

philrz commented 3 years ago

Verified with the suricata-v5.0.3-brim25 artifact on macOS.

Here's an example of all the excess output as it looked in suricata-v5.0.3-brim21 before this fix.

$ ./suricataupdater 
29/11/2020 -- 10:33:38 - <Info> -- Loading /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/update.yaml
29/11/2020 -- 10:33:39 - <Info> -- Found Suricata version 5.0.3 at /Users/phil/work/build-suricata-34/suricata/bin/suricata.
29/11/2020 -- 10:33:39 - <Info> -- Loading /Users/phil/work/build-suricata-34/suricata/brim-conf.yaml
29/11/2020 -- 10:33:39 - <Info> -- No sources configured, will use Emerging Threats Open
29/11/2020 -- 10:33:39 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.md5.
29/11/2020 -- 10:33:39 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.
 100% - 2816667/2816667               
29/11/2020 -- 10:33:40 - <Info> -- Done.
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/app-layer-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/decoder-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/dhcp-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/dnp3-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/dns-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/files.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/http-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/ipsec-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/kerberos-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/modbus-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/nfs-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/ntp-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/smb-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/smtp-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/stream-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata/share/suricata/rules/tls-events.rules
29/11/2020 -- 10:33:40 - <Info> -- Ignoring file rules/emerging-deleted.rules
29/11/2020 -- 10:33:41 - <Info> -- Loaded 28569 rules.
29/11/2020 -- 10:33:41 - <Info> -- Disabled 0 rules.
29/11/2020 -- 10:33:41 - <Info> -- Enabled 0 rules.
29/11/2020 -- 10:33:41 - <Info> -- Modified 0 rules.
29/11/2020 -- 10:33:41 - <Info> -- Dropped 0 rules.
29/11/2020 -- 10:33:41 - <Info> -- Enabled 145 rules for flowbit dependencies.
29/11/2020 -- 10:33:41 - <Info> -- Backing up current rules.
29/11/2020 -- 10:33:43 - <Info> -- Writing rules to /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules: total: 28569; enabled: 21200; added: 19; removed 0; modified: 1510
29/11/2020 -- 10:33:44 - <Info> -- Writing /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/classification.config
29/11/2020 -- 10:33:44 - <Info> -- Skipping test, disabled by configuration.
29/11/2020 -- 10:33:44 - <Info> -- Done.
10:33:44-phil@PhilMac:~/work/build-suricata-34/suricata$ ls
bin     etc     lib     suricatarunner  var
brim-conf.yaml  include     share       suricataupdater

$ cat ~/pcap/hello.pcapng | ./suricatarunner 
29/11/2020 -- 10:33:56 - <Notice> - This is Suricata version 5.0.3 RELEASE running in USER mode
29/11/2020 -- 10:33:56 - <Info> - CPUs/cores online: 12
29/11/2020 -- 10:33:57 - <Info> - No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
29/11/2020 -- 10:33:57 - <Info> - eve-log output device (regular) initialized: eve.json
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Request flood detected";        app-layer-event:dnp3.flooded; classtype:protocol-command-decode; sid:2270000; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 123
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Length too small";        app-layer-event:dnp3.len_too_small; classtype:protocol-command-decode; sid:2270001; rev:3;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 124
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad link CRC";        app-layer-event:dnp3.bad_link_crc; classtype:protocol-command-decode; sid:2270002; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 125
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad transport CRC";        app-layer-event:dnp3.bad_transport_crc; classtype:protocol-command-decode; sid:2270003; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 126
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Unknown object";        app-layer-event:dnp3.unknown_object; classtype:protocol-command-decode; sid:2270004; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 127
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Protocol version"; app-layer-event:modbus.invalid_protocol_id; classtype:protocol-command-decode; sid:2250001; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 224
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus unsolicited response"; app-layer-event:modbus.unsolicited_response; classtype:protocol-command-decode; sid:2250002; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 225
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Length"; app-layer-event:modbus.invalid_length; classtype:protocol-command-decode; sid:2250003; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 226
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Unit Identifier"; app-layer-event:modbus.invalid_unit_identifier; classtype:protocol-command-decode; sid:2250004; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 227
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Function code"; app-layer-event:modbus.invalid_function_code; classtype:protocol-command-decode; sid:2250005; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 228
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Value"; app-layer-event:modbus.invalid_value; classtype:protocol-command-decode; sid:2250006; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 229
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Exception code invalid"; flow:to_client; app-layer-event:modbus.invalid_exception_code; classtype:protocol-command-decode; sid:2250007; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 230
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Data mismatch"; flow:to_client; app-layer-event:modbus.value_mismatch; classtype:protocol-command-decode; sid:2250008; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 231
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus Request flood detected"; flow:to_server; app-layer-event:modbus.flooded; classtype:protocol-command-decode; sid:2250009; rev:2;)" from file /Users/phil/work/build-suricata-34/suricata/var/lib/suricata/rules/suricata.rules at line 232
29/11/2020 -- 10:33:57 - <Info> - 1 rule files processed. 21186 rules successfully loaded, 14 rules failed
29/11/2020 -- 10:33:57 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/Users/phil/work/build-suricata-34/suricata/share/suricata/threshold.config": No such file or directory
29/11/2020 -- 10:33:57 - <Info> - 21189 signatures processed. 1534 are IP-only rules, 3808 are inspecting packet payload, 15618 inspect application layer, 103 are decoder event only
29/11/2020 -- 10:34:02 - <Notice> - all 1 packet processing threads, 2 management threads initialized, engine started.
29/11/2020 -- 10:34:02 - <Info> - Starting file run for -
29/11/2020 -- 10:34:02 - <Info> - pcap file - end of file reached (pcap err code 0)
29/11/2020 -- 10:34:02 - <Notice> - Signal Received.  Stopping engine.
29/11/2020 -- 10:34:02 - <Info> - time elapsed 0.021s
29/11/2020 -- 10:34:02 - <Notice> - Pcap-file module read 1 files, 27 packets, 10916 bytes
29/11/2020 -- 10:34:02 - <Info> - Alerts: 0
29/11/2020 -- 10:34:02 - <Info> - cleaning up signature grouping structure... complete

Now here are the same operations showing reduced output in suricata-v5.0.3-brim25.

$ ./suricataupdater 
29/11/2020 -- 10:35:05 - <Info> -- Loading /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/var/lib/suricata/update.yaml
29/11/2020 -- 10:35:05 - <Info> -- Found Suricata version 5.0.3 at /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/bin/suricata.
29/11/2020 -- 10:35:05 - <Info> -- Loading /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/brim-conf.yaml
29/11/2020 -- 10:35:05 - <Info> -- Disabling rules for protocol modbus
29/11/2020 -- 10:35:05 - <Info> -- Disabling rules for protocol dnp3
29/11/2020 -- 10:35:05 - <Info> -- Disabling rules for protocol enip
29/11/2020 -- 10:35:05 - <Info> -- No sources configured, will use Emerging Threats Open
29/11/2020 -- 10:35:05 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.md5.
29/11/2020 -- 10:35:06 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-5.0.3/emerging.rules.tar.gz.
 100% - 2816667/2816667               
29/11/2020 -- 10:35:06 - <Info> -- Done.
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/app-layer-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/decoder-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/dhcp-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/dnp3-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/dns-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/files.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/http-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/ipsec-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/kerberos-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/modbus-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/nfs-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/ntp-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/smb-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/smtp-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/stream-events.rules
29/11/2020 -- 10:35:06 - <Info> -- Loading distribution rule file /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/share/suricata/rules/tls-events.rules
29/11/2020 -- 10:35:07 - <Info> -- Ignoring file rules/emerging-deleted.rules
29/11/2020 -- 10:35:08 - <Info> -- Loaded 28569 rules.
29/11/2020 -- 10:35:08 - <Info> -- Disabled 14 rules.
29/11/2020 -- 10:35:08 - <Info> -- Enabled 0 rules.
29/11/2020 -- 10:35:08 - <Info> -- Modified 0 rules.
29/11/2020 -- 10:35:08 - <Info> -- Dropped 0 rules.
29/11/2020 -- 10:35:08 - <Info> -- Enabled 145 rules for flowbit dependencies.
29/11/2020 -- 10:35:08 - <Info> -- Backing up current rules.
29/11/2020 -- 10:35:10 - <Info> -- Writing rules to /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/var/lib/suricata/rules/suricata.rules: total: 28569; enabled: 21186; added: 19; removed 0; modified: 1496
29/11/2020 -- 10:35:11 - <Info> -- Writing /Users/phil/work/build-suricata-34/suricata-v5.0.3-brim25/var/lib/suricata/rules/classification.config
29/11/2020 -- 10:35:11 - <Info> -- Skipping test, disabled by configuration.
29/11/2020 -- 10:35:11 - <Info> -- Done.

$ cat ~/pcap/hello.pcapng | ./suricatarunner
29/11/2020 -- 10:35:12 - <Notice> - This is Suricata version 5.0.3 RELEASE running in USER mode
29/11/2020 -- 10:35:12 - <Info> - CPUs/cores online: 12
29/11/2020 -- 10:35:12 - <Info> - No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
29/11/2020 -- 10:35:12 - <Info> - eve-log output device (regular) initialized: eve.json
29/11/2020 -- 10:35:13 - <Info> - 1 rule files processed. 21186 rules successfully loaded, 0 rules failed
29/11/2020 -- 10:35:13 - <Info> - Threshold config parsed: 0 rule(s) found
29/11/2020 -- 10:35:13 - <Info> - 21189 signatures processed. 1534 are IP-only rules, 3808 are inspecting packet payload, 15618 inspect application layer, 103 are decoder event only
29/11/2020 -- 10:35:18 - <Notice> - all 1 packet processing threads, 2 management threads initialized, engine started.
29/11/2020 -- 10:35:18 - <Info> - Starting file run for -
29/11/2020 -- 10:35:18 - <Info> - pcap file - end of file reached (pcap err code 0)
29/11/2020 -- 10:35:18 - <Notice> - Signal Received.  Stopping engine.
29/11/2020 -- 10:35:18 - <Info> - time elapsed 0.021s
29/11/2020 -- 10:35:19 - <Notice> - Pcap-file module read 1 files, 27 packets, 10916 bytes
29/11/2020 -- 10:35:19 - <Info> - Alerts: 0
29/11/2020 -- 10:35:19 - <Info> - cleaning up signature grouping structure... complete

Thanks @henridf!
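
Added example, not part of the original thread or the project's code: a small Python check that reads Suricata startup output in the format quoted above, pairs each rejected signature with the reason logged just before it, and lists the SIDs per disabled protocol so a packaging job can fail when the ruleset and the engine configuration disagree. The sample log is constructed from lines in this thread with a placeholder rules path and made-up counts; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Suricata 5.0.3 startup output quoted
# in this thread; the rules path is a placeholder and the counts are made up.
SAMPLE_LOG = r'''
29/11/2020 -- 10:33:57 - <Info> - eve-log output device (regular) initialized: eve.json
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol dnp3 is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dnp3 any any -> any any (msg:"SURICATA DNP3 Bad link CRC";        app-layer-event:dnp3.bad_link_crc; classtype:protocol-command-decode; sid:2270002; rev:2;)" from file /path/to/suricata.rules at line 125
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Length"; app-layer-event:modbus.invalid_length; classtype:protocol-command-decode; sid:2250003; rev:2;)" from file /path/to/suricata.rules at line 226
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - protocol modbus is disabled
29/11/2020 -- 10:33:57 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert modbus any any -> any any (msg:"SURICATA Modbus invalid Value"; app-layer-event:modbus.invalid_value; classtype:protocol-command-decode; sid:2250006; rev:2;)" from file /path/to/suricata.rules at line 229
29/11/2020 -- 10:33:57 - <Info> - 1 rule files processed. 5 rules successfully loaded, 3 rules failed
'''

LINE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} -- [\d:]{8} - <(?P<level>\w+)> - (?P<msg>.*)$")
ERRCODE = re.compile(r"^\[ERRCODE: (?P<code>\w+)\(\d+\)\] - (?P<detail>.*)$")
DISABLED = re.compile(r"^protocol (?P<proto>\S+) is disabled$")
# The rule text itself contains quotes, so match greedily up to the last '" from file'.
BAD_SIG = re.compile(r'^error parsing signature "(?P<rule>.*)" from file (?P<file>.+) at line (?P<line>\d+)$')
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
SUMMARY = re.compile(r"(\d+) rules successfully loaded, (\d+) rules failed")


def analyze(log_text):
    """Pair each rejected signature with the reason line logged just before it."""
    failures, reported_failed, reason = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        summary = SUMMARY.search(m["msg"])
        if summary:
            reported_failed = int(summary[2])
            continue
        err = ERRCODE.match(m["msg"])
        if not err:
            reason = None  # an unrelated line breaks the reason/signature pair
            continue
        sig = BAD_SIG.match(err["detail"])
        if not sig:
            reason = err["detail"]  # reason line; the signature line follows it
            continue
        disabled = DISABLED.match(reason or "")
        sid = SID.search(sig["rule"])
        failures.append({
            "sid": int(sid[1]) if sid else None,
            "disabled_proto": disabled["proto"] if disabled else None,
            "reason": reason,
            "file": sig["file"],
            "line": int(sig["line"]),
        })
        reason = None
    return {"failures": failures, "reported_failed": reported_failed}


def protocols_to_disable(report):
    """Map each disabled protocol to the SIDs of the rules rejected because of it."""
    by_proto = defaultdict(list)
    for f in report["failures"]:
        if f["disabled_proto"]:
            by_proto[f["disabled_proto"]].append(f["sid"])
    return {proto: sorted(sids) for proto, sids in sorted(by_proto.items())}


def gate(report):
    """Return the problems a packaging check should fail on (empty list = clean)."""
    problems = []
    seen = len(report["failures"])
    if report["reported_failed"] is None:
        problems.append("no 'rules failed' summary line found")
    elif report["reported_failed"] != seen:
        problems.append(f"summary reports {report['reported_failed']} failed rules, log shows {seen}")
    for f in report["failures"]:
        if f["disabled_proto"] is None:
            problems.append(f"sid {f['sid']} rejected for another reason: {f['reason']}")
    for proto, sids in protocols_to_disable(report).items():
        problems.append(f"{len(sids)} rule(s) for disabled protocol {proto}: {sids}")
    return problems


if __name__ == "__main__":
    for problem in gate(analyze(SAMPLE_LOG)):
        print(problem)
```
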