Suricata 4.0.0-rc1 ready for testing!


We are proud to announce that the first release candidate for the upcoming Suricata 4.0.0 is ready for your testing.┬áSince the beta1 release we’ve received much valuable feedback, leading to lots of fixed issues.

Notable changes: initial merge of Pierre Chiffliers Rust parsers work. This uses external Rust parser ‘crates’ and is enabled by using –enable-rust-experimental. This is even more experimental than –enable-rust, so use with care. Initially this adds a NTP parser.

The NFS parser adds support for catching up after packet loss, adds UDP support and basic NFSv2 support.

EVE was extended to optionally log the HTTP request and/or response bodies. Also new in EVE, the (partial) flow record is added to alert records.

We’re aiming for a final 4.0.0 release one month from now. If needed a rc2 release may be added to the schedule. Please help us test!


  • Feature #2095: eve: http body in alert event
  • Feature #2131: nfs: implement GAP support
  • Feature #2156: Add app_proto or partial flow entry to alerts
  • Feature #2163: ntp parser
  • Feature #2164: rust: external parser crate support
  • Bug #1930: Segfault when event rule is invalid
  • Bug #2038: validate app-layer API use
  • Bug #2109: asn1: keyword memleak
  • Bug #2141: 4.0.0-dev (rev 8ea9a5a) segfault
  • Bug #2143: Bypass cause missing alert on packets only signatures
  • Bug #2144: rust: panic in dns/tcp
  • Bug #2148: rust/dns: panic on malformed rrnames
  • Bug #2153: starttls ‘tunnel’ packet issue – nfq_handle_packet error -1
  • Bug #2154: Dynamic stack overflow in payload printable output
  • Bug #2155: AddressSanitizer double-free error
  • Bug #2157: Compilation Issues Beta 4.0
  • Bug #2158: Suricata v4.0.0-beta1 dns_query; segmentation fault
  • Bug #2159: http: 2221028 triggers on underscore in hostname
  • Bug #2160: openbsd: pcap with raw datalink not supported
  • Bug #2161: libhtp 0.5.25
  • Bug #2165: rust: releases should include crate dependencies (cargo-vendor)


Special thanks

Pierre Chifflier, Selivanov Pavel, Giuseppe Longo


  • Developer Training in Cork, Ireland. September 11 to 15: Hosted by FireEye.
  • User Training at SuriCon 2017, in Prague:

SuriCon 2017

Come meet the Suricata community and development team to discuss all things Suricata at the third edition of the annual Suricata Conference. SuriCon 2017 will be in November in Prague:

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.