• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Suricata Error Codes

Scheduled Pinned Locked Moved IDS/IPS
5 Posts 2 Posters 505 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    MagikMark
    last edited by Oct 27, 2023, 5:56 AM

    Hi! Bmeeks!

    I'm getting a lot of "[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)]" . What does it mean? Does it affect the effectivity of Suricata?

    Are you also the developer of Snort Package?

    B 1 Reply Last reply Oct 27, 2023, 1:31 PM Reply Quote 0
    • B
      bmeeks @MagikMark
      last edited by Oct 27, 2023, 1:31 PM

      @MagikMark said in Suricata Error Codes:

      'm getting a lot of "[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)]" . What does it mean? Does it affect the effectivity of Suricata?

      This is most likely from a Snort VRT rule. Snort is not Suricata. The two systems recognize some different syntax in rules. While Snort rules are for the most part compatible with Suricata, there are several that are not. If you enable every single Snort rule on Suricata, somewhere around 700 or so (at my last count) will generate these errors due to incompatible rule syntax. Any Snort rule triggering an error will be discarded and not loaded into Suricata's memory space. So, you can safely ignore the message and just recognize that not all Snort rules work in Suricata.

      The error in suricata.log should give you the specific piece of rule syntax it does not like along with the line number in the suricata.rules file generated for the interface where the offending rule can be found.

      @MagikMark said in Suricata Error Codes:

      Are you also the developer of Snort Package?

      I am the pfSense Snort package maintainer. I am not the original developer (creator), but I have been maintaining it for many, many years now. I am responsible for adding many of the current features into the package.

      I am both the developer and maintainer of the Suricata package on pfSense.

      1 Reply Last reply Reply Quote 0
      • M
        MagikMark
        last edited by MagikMark Oct 27, 2023, 5:39 PM Oct 27, 2023, 5:38 PM

        Awesome! A developer that interact with the users. Very Nice!

        I noticed when I was testting Snort Package, It could only run up to 250Mbps while Suricata when configured for performance, I could fully saturate my speed up to 700Mbps. Is there something I missed out in Snort? I can't see any perfromance tweak in its settings.

        I'm using the same rules and configuration

        B 1 Reply Last reply Oct 27, 2023, 5:40 PM Reply Quote 0
        • B
          bmeeks @MagikMark
          last edited by Oct 27, 2023, 5:40 PM

          @MagikMark said in Suricata Error Codes:

          Awesome! A developer that interact with the users. Very Nice!

          I noticed when I was testting Snort Package, It could only run up to 250Mbps while Suricata when configured for performance, I could fully saturate my speed up to 700Mbps. Is there something I missed out in Snort? I can't see any perfromance tweak in its settings.

          Snort on pfSense is the 2.9.x binary version which is single-threaded. Suricata is a multithreaded binary application and thus capable of much higher throughput.

          1 Reply Last reply Reply Quote 0
          • M
            MagikMark
            last edited by Oct 27, 2023, 5:41 PM

            Thank you! This explains it

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received