Snort mailing list archives

Re: Fwd: pulledpork snort.rules error


From: Michael Lubinski <michael.lubinski () gmail com>
Date: Wed, 9 Mar 2011 17:12:59 -0600

Duplicate errors on the following SIDs:
1001,10011,10012,10013,10014,10015,10016,10017,10017,1002,10050,10062,10063,10065,10066,10067,10068,10069,10070,10071,10073,10074,10075,10076,10077,10078,10080,10081,10082,10083,10086,10088.

My pulledpork rule lines:

rule_url=http://www.snort.org/reg-rules|snortrules-snapshop-2903.tar.gz|oinkcode
rule_url=http://rules.emergingthreats.net|emerging.rules.tar.gz|open-nogpl


On Wed, Mar 9, 2011 at 7:05 AM, Matthew Jonkman <jonkman () emergingthreatspro com> wrote:

You're using the right combination of rules. Can you note some of the other
sids you're getting a dupe on?

Also check that you're not using the -all.rules from the emerging side by
accident, as well as the individual rules files.

Matt

On Mar 8, 2011, at 11:24 PM, Michael Lubinski wrote:

I also notice I am getting "rule duplicates previous rule" errors during
snort startup. I am using the regrules from VRT and the open no gpl rules
from ET. Should I be using a different combination? It seems they may be
overlapping?

---------- Forwarded message ----------
From: Michael Lubinski <michael.lubinski () gmail com>
Date: Tue, Mar 8, 2011 at 10:16 PM
Subject: pulledpork snort.rules error
To: "Snort-users () lists sourceforge net" <snort-users () lists sourceforge net>



After getting pulledpork to work I get an error when I try to start snort.

ERROR: /etc/snort/rules/snort.rules(48) threshold (in rule): could not
create the threshold - only one per sig_id=10088.

I am running ET and VRT rulesets.


Snort-users mailing list

Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
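
A way to locate the duplicates discussed in this thread, as an added example that is not part of the original messages or of PulledPork: it lists every gid/sid pair used by more than one enabled rule in a merged rules file, with line numbers and whether each copy carries an in-rule threshold. The sample rules are constructed, and the function name `find_duplicate_sids` is an assumption of this example.

```python
import re
from collections import defaultdict

QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')            # quoted option values
MSG_RE = re.compile(r'[(;\s]msg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r"[(;\s]sid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"[(;\s]gid\s*:\s*(\d+)\s*;")
THRESHOLD_RE = re.compile(r"[(;\s]threshold\s*:")
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")

def find_duplicate_sids(rules_text):
    """Map (gid, sid) -> [(line_no, msg, has_threshold), ...] for ids used by 2+ enabled rules."""
    seen = defaultdict(list)
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        rule = line.strip()
        # Only enabled rules count: skip blanks, comments and commented-out rules.
        if not rule.startswith(ACTIONS):
            continue
        msg = MSG_RE.search(rule)
        # Blank out quoted strings so text inside msg/content cannot look like an option.
        options = QUOTED.sub('""', rule)
        sid = SID_RE.search(options)
        if sid is None:
            continue
        gid = GID_RE.search(options)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # gid defaults to 1
        seen[key].append((line_no, msg.group(1) if msg else "",
                          bool(THRESHOLD_RE.search(options))))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}

# Constructed sample rules (not from the thread's snort.rules); lines are numbered from 1.
SAMPLE = "\n".join([
    '# merged output, constructed for this example',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE first copy"; '
    'threshold:type limit, track by_src, count 1, seconds 60; sid:10088; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE unique"; sid:10090; rev:2;)',
    '# alert tcp any any -> any any (msg:"EXAMPLE disabled copy"; sid:10088; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE second copy"; '
    'threshold:type limit, track by_src, count 1, seconds 60; sid:10088; rev:3;)',
])

if __name__ == "__main__":
    for (gid, sid), hits in sorted(find_duplicate_sids(SAMPLE).items()):
        for line_no, msg, has_threshold in hits:
            print(f"gid={gid} sid={sid} line={line_no} threshold={has_threshold} msg={msg!r}")
```

To check a real file, pass its contents, for example `find_duplicate_sids(open("/etc/snort/rules/snort.rules").read())`.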



