Snort mailing list archives

Local Rule Error


From: "Jones, Christopher (Chris) (Maj)" <cajones1 () nps edu>
Date: Mon, 20 Feb 2017 00:16:39 +0000

All,

I'm working on writing some simple local rules but Snort is giving me the error: "SID 5000001 in rule duplicates 
previous rule.  Ignoring old rule."

My local rule is this:

#-------------
# LOCAL RULES
#-------------

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL RULE-chmod command attempt"; content:"chmod"; sid:5000001; rev:1;)

It's the only local rule I'm using so I'm confused about the error.  I've seen "chmod" used in scripts and I'd like 
Snort to pull it out for me.  I'm not sure why other rules haven't picked up on it but I figure I can start to improve 
my rule writing with some basic string searches.

Thanks for your help.

Chris
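
The error quoted in the message means Snort loaded more than one rule carrying the same SID. The following is an added example, not part of the original post: a Python check that lists every place a gid/sid pair is defined across rule text. The file names and the second rule are constructed for illustration, and `iter_rules` and `find_duplicate_sids` are hypothetical helper names.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")


def iter_rules(text):
    """Yield (line_number, rule) for each active rule, joining '\\' continuations."""
    buf, start = "", None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # blank line or commented-out rule
        if start is None:
            start = lineno
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None


def find_duplicate_sids(sources):
    """sources: list of (name, text). Returns {(gid, sid): [(name, line, rev), ...]}."""
    seen = defaultdict(list)
    for name, text in sources:  # list the same file twice if it is included twice
        for lineno, rule in iter_rules(text):
            sid = SID_RE.search(rule)
            if not sid:
                continue  # line carries no sid option (e.g. include or config)
            gid = GID_RE.search(rule)  # gid defaults to 1 when omitted
            rev = REV_RE.search(rule)
            key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))
            seen[key].append((name, lineno, int(rev.group(1)) if rev else None))
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample input: the rule from the message plus a hypothetical second file.
LOCAL = '''# LOCAL RULES
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL RULE-chmod command attempt"; \\
    content:"chmod"; sid:5000001; rev:1;)
'''
OTHER = 'alert tcp any any -> any any (msg:"constructed"; content:"test"; sid:5000001; rev:2;)\n'

if __name__ == "__main__":
    for (gid, sid), hits in find_duplicate_sids([("local.rules", LOCAL), ("other.rules", OTHER)]).items():
        print(f"gid {gid} sid {sid} defined {len(hits)} times: {hits}")
```

To run it against a live configuration, read each rules file named in snort.conf into the `sources` list in load order.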