4. <warning>– [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Name of device should not be</warning>

<warning>– [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Name of device should not be</warning>

  • J

    The suricata log (services / suricata / logs view) shows a warning on all suricata enabled interfaces. This warning appears daily (processing of the updated rules)

    Unfortunately, I cannot find the field I'm suppose to update e.g. not null

    Here is the log:

    23/5/2017 – 05:30:43 - <info>-- 2 rule files processed. 16362 rules successfully loaded, 34 rules failed
    23/5/2017 -- 05:30:44 - <info>-- 16362 signatures processed. 296 are IP-only rules, 5673 are inspecting packet payload, 11726 inspect application layer, 102 are decoder event only
    23/5/2017 -- 05:31:17 - <info>-- Threshold config parsed: 0 rule(s) found
    23/5/2017 -- 05:31:17 - <info>-- fast output device (regular) initialized: alerts.log
    23/5/2017 -- 05:31:17 - <info>-- http-log output device (regular) initialized: http.log
    23/5/2017 -- 05:31:17 - <info>-- Using 1 live device(s).
    23/5/2017 -- 05:31:17 - <warning>– [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Name of device should not be null</warning>
    23/5/2017 – 05:31:17 - <info>-- using interface igb3
    23/5/2017 -- 05:31:17 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
    23/5/2017 -- 05:31:17 - <info>-- Found an MTU of 1500 for 'igb3'
    23/5/2017 -- 05:31:17 - <info>-- Set snaplen to 1524 for 'igb3'
    23/5/2017 -- 05:31:17 - <info>-- RunModeIdsPcapAutoFp initialised
    23/5/2017 -- 05:31:17 - <notice>-- all 5 packet processing threads, 2 management threads initialized, engine started.
    23/5/2017 -- 07:55:57 - <info>-- No packets with invalid checksum, assuming checksum offloading is NOT used</info></notice></info></info></info></info></info></info></info></info></info></info></info>

    0

  • This is a bug within the Suricata binary itself.  It has been reported to Suricata upstream and will be fixed in the next release, I think.  It is only a warning and will not affect operation.

    Some changes were made to a section of code in the 3.2.x series, but one line got missed when those changes were made.  You can find the bug report and details on the Suricata Redmine site.

    Bill

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy