Re: Fwd: pulledpork snort.rules error

[Michael Lubinski <michael.lubinski () gmail com>]

I have figured out this error.

the emerging.conf and snort.conf both had the snort rules file added. I
removed this and I can start snort now.

On Wed, Mar 9, 2011 at 5:12 PM, Michael Lubinski <michael.lubinski () gmail com
> wrote:

> Duplicate errors on the following SIDS;
>
> 1001,10011,10012,10013,10014,10015,10016,10017,10017,1002,10050,10062,10063,10065,10066,10067,10068,10069,10070,10071,10073,10074,10075,10076,10077,10078,10080,10081,10082,10083,10086,10088.
>
> My pulledpork rule lines;
>
> rule_url=
> http://www.snort.org/reg-rules|snortrules-snapshop-2903.tar.gz|oinkcode
> rule_url=http://rules.emergingthreats.net|emerging.rules.tar.gz|open-nogpl
>
>
> On Wed, Mar 9, 2011 at 7:05 AM, Matthew Jonkman <
> jonkman () emergingthreatspro com> wrote:
>
> > You're using the right combination of rules. Can you note some of the
> > other sids you're getting a dupe on?
> >
> > Also check that you're not using the -all.rules from the emerging side by
> > accident, as well as the individual rules files.
> >
> > Matt
> >
> > On Mar 8, 2011, at 11:24 PM, Michael Lubinski wrote:
> >
> > I also notice I am getting "rule duplicates previous rule" errors during
> > snort startup. I am using the regrules from VRT and the open no gpl rules
> > from ET. Should I be using a different combination? It seems they may be
> > overlapping?
> >
> > ---------- Forwarded message ----------
> > From: Michael Lubinski <michael.lubinski () gmail com>
> > Date: Tue, Mar 8, 2011 at 10:16 PM
> > Subject: pulledpork snort.rules error
> > To: "Snort-users () lists sourceforge net" <
> > snort-users () lists sourceforge net>
> >
> >
> > After getting pulledpork to work I get an error when I try to start
> > snort.
> >
> > ERROR: /etc/snort/rules/snort.rules(48) threshold (in rule): could not
> > create the threshold - only one per sig_id=10088.
> >
> > I am running Et and VRT rulesets.
> >
> >
> > ------------------------------------------------------------------------------
> > Colocation vs. Managed Hosting
> > A question and answer guide to determining the best fit
> > for your organization - today and in the future.
> >
> > http://p.sf.net/sfu/internap-sfd2d_______________________________________________
> > Snort-users mailing list
> >
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> > ----------------------------------------------------
> > Matthew Jonkman
> > Emergingthreats.net
> > Emerging Threats Pro
> > Open Information Security Foundation (OISF)
> > Phone 765-807-8630 x110
> > Fax 312-264-0205
> > http://www.emergingthreatspro.com
> > http://www.openinfosecfoundation.org
> > ----------------------------------------------------
> >
> > PGP: http://www.jonkmans.com/mattjonkman.asc
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users