Local rules with same sids and snort works!

[fatema bannatwala <fatema.bannatwala () gmail com>]

Hi All,

Just realized that I have two rules in my local.rules file with same sid,
and snort works just fine!!
I always had in my head that sids should have to be unique, but today when
I was going through the local.rules file, I realized that someone from our
team had created a new rule and assigned it a same sid that a previous rule
had.
I couldn't catch it before because snort was running just fine without any
complains on duplicate sids.

Have I missed this change in the current (or 2.9 version) of snort or is it
something else?

Quick points: I have local.rules enabled in snort.conf and pulled pork is
not modifying anything regarding local rules so they should get loaded as
it is, and above all I am getting alerts for one of the rules having
duplicate sid, but no alerts for the other rule having same sid.

Snort version - 2.9.8.3
barnyard version - 2-1.9
pulledpork - 0.7.0

Thanks,
Fatema.

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!