Netgate Discussion Forum

    Suricata SIP errors loading rules

      bbrendon

      My logs have this error all over the place:

      Variable "SIP_SERVERS" is not defined in configuration file
      

      I noticed there isn't a way to configure this as these variables are omitted. What's the correct solution to this?

        bmeeks

        You can manually add the required values to the YAML configuration template file.  Note that this will have to be repeated each time you update the Suricata package as the template file is always overwritten with a new update (like when you install a package update from the Package Manager).

        Find this file and open it in an editor of choice:

        /usr/local/pkg/suricata/suricata_yaml_template.inc

        Near the bottom of the file you will find this section of code:

        
        # Holds variables that would be used by the engine.
        vars:
        
          # Holds the address group vars that would be passed in a Signature.
          address-groups:
            HOME_NET: "[{$home_net}]"
            EXTERNAL_NET: "{$external_net}"
            {$addr_vars}
        
          # Holds the port group vars that would be passed in a Signature.
          port-groups:
            {$port_vars}
        
        

        Be very careful not to disturb any existing lines of text (code)!  Add a new line for your SIP_SERVERS as shown below:

        
        # Holds variables that would be used by the engine.
        vars:
        
          # Holds the address group vars that would be passed in a Signature.
          address-groups:
            HOME_NET: "[{$home_net}]"
            EXTERNAL_NET: "{$external_net}"
            {$addr_vars}
            SIP_SERVERS: "[whatever IP addresses or networks are appropriate for your setup]"
        
          # Holds the port group vars that would be passed in a Signature.
          port-groups:
            {$port_vars}
        
        

        The information in the template file is used to build the suricata.yaml configuration file for each configured interface.  Be very careful when editing and don't change any of the other lines.  That includes spaces or tab indents!  Suricata is very finicky!  You will just be adding this one line in the place shown above.

        SIP_SERVERS: "[some IP addresses or networks]"

        I will put the inclusion of the SIP_SERVERS variable on my TODO list for a future update so that it is available within the GUI.

        EDIT:  Forgot to say that after making the changes in the template file above, you will need to go to the INTERFACE SETTINGS tab and "edit" the interface so you can do a Save operation.  Clicking the Save button will cause the suricata.yaml file for the interface to be regenerated using the newly modified template.

        Bill

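Because the template is overwritten on every package update, the manual edit described in the reply above can be scripted so it is safe to run repeatedly. This is an added example, not part of the original post or the Suricata package; the helper name `add_sip_servers` and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not package code): re-apply the SIP_SERVERS line to the
# Suricata YAML template after a package update has overwritten it.
# add_sip_servers is a hypothetical helper name.
#
# Usage: add_sip_servers <template-file> <address-group-value>
add_sip_servers() {
    tpl=$1
    value=$2

    [ -f "$tpl" ] || { echo "template not found: $tpl" >&2; return 1; }

    # Accept only address-list characters (digits, hex, . : / , ! [ ] space)
    # so the inserted line cannot disturb the rest of the template.
    if printf '%s\n' "$value" | grep -Evq '^[][0-9A-Fa-f.:/,! ]+$'; then
        echo "unexpected characters in value: $value" >&2
        return 3
    fi

    # Already patched: leave the file alone so repeated runs are harmless.
    if grep -Eq '^[[:space:]]*SIP_SERVERS:' "$tpl"; then
        return 0
    fi

    # Refuse to guess when the anchor line is missing (layout changed).
    grep -Fq '{$addr_vars}' "$tpl" || {
        echo "anchor line {\$addr_vars} not found in $tpl" >&2; return 2; }

    cp -p "$tpl" "$tpl.bak" || return 1

    # Print every line; after the first {$addr_vars} line, add SIP_SERVERS
    # with the same leading whitespace so the YAML indentation matches.
    awk -v val="$value" '
        { print }
        !done && index($0, "{$addr_vars}") {
            indent = $0
            sub(/[^ \t].*$/, "", indent)
            printf "%sSIP_SERVERS: \"%s\"\n", indent, val
            done = 1
        }
    ' "$tpl.bak" > "$tpl" || { cp -p "$tpl.bak" "$tpl"; return 1; }
}

# Example call on the firewall (sample addresses are constructed):
# add_sip_servers /usr/local/pkg/suricata/suricata_yaml_template.inc \
#     "[192.0.2.10,192.0.2.0/28]"
```

After it runs, the interface still has to be re-saved on the INTERFACE SETTINGS tab, as the reply describes, so that suricata.yaml is regenerated from the modified template.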
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.