Problem to create a simple signature

Hi !
I have a problem to create very simple rules.

I want to raise an alert as soon as I see an IP address but when I load it into suricata, I get an error: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - invalid formatting to msg keyword: value must be double quoted ‘msg’
Here is the rules:

alert ip any → $HOME_NET any (msg:”Test IP rules”; sid:2900000; rev:1;)

Similarly with a list

alert ip [,] any → $HOME_NET any (msg:”Test IP rules”; sid:2900001; rev:1;)

[ERRCODE: SC_ERR_GENERIC(89)] - failed to parse address “”

If you have an example of a rule identical to mine, I’m interested ;-).
Thanks for your help


Take a good look at the quotes, they are different.

alert http any any -> any any (msg:" HTTP Host";flow: to_server,established;content:"Diario de"; http_header;sid:15;rev:1;)

alert ip any -> $HOME_NET any (msg:”Test IP rules”; sid:2900000; rev:1;)

If you put the correct quotes…

suri@xxxx:~/tmp/pruebas$ cat fast.log
04/13/2022-10:54:23.497578  [**] [1:2900000:1] Test IP rules [**] [Classification: (null)] [Priority: 3] {TCP} ->

Right, well seen :grinning:
Thank you