Suricata IP Reputation List Management - <Error> -- [ERRCODE: SC_ERR_NO_REPUTATION(224)]
-
Under Suricata IP Reputation List Management, trying to set up the ip_allow list but its give the following error:
3/6/2021 -- 10:34:53 - <Error> -- [ERRCODE: SC_ERR_NO_REPUTATION(224)] - bad line "10.9.8.0/2"
The above line was inserted automatically.
Any ideas or steps to troubleshoot this issue?
-
It sounds like your list of IP addresses is not in the format Suricata wants. It needs more than just a simple list of IP addresses. Check out the official Suricata documentation here: https://suricata.readthedocs.io/en/suricata-6.0.0/reputation/ipreputation/ip-reputation.html#. More details on the specific required format can be found here: https://suricata.readthedocs.io/en/suricata-6.0.0/reputation/ipreputation/ip-reputation-format.html.
The short version of the story is you either have to use commercial lists published explicitly for use with Suricata (and thus formatted correctly with all the needed parameters), or you need to read the online docs carefully and construct your own list following the format specified. You must have more than simply the IP or CIDR network defined. There are two other required fields.
-
@bmeeks Thanks for the tip. I got the format all fixed up thanks to the docs.
RTFM works... if you know where it is. ;)