Snort mailing list archives
Multiple rule issues after upgrade
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 29 Dec 2010 08:28:31 -0700
See below: Dec 29 08:12:01 10.21.10.2 snort[21149]: FATAL ERROR: /usr/local/etc/snort/rules/porn.rules(24) Unknown ClassType: kickass-porn Dec 29 08:13:42 10.21.10.2 snort[21166]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-botcc.rules(41) threshold (in rule): could not create threshold - only one per sig_id=2404000. Dec 29 08:15:27 10.21.10.2 snort[21171]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-compromised.rules(49) threshold (in rule): could not create threshold - only one per sig_id=2500000. Dec 29 08:23:54 10.21.10.2 snort[21222]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-drop.rules(41) threshold (in rule): could not create threshold - only one per sig_id=2400000. Dec 29 08:24:20 10.21.10.2 snort[21224]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-rbn.rules(44) threshold (in rule): could not create threshold - only one per sig_id=2406000. Dec 29 08:24:34 10.21.10.2 snort[21226]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-tor.rules(44) threshold (in rule): could not create threshold - only one per sig_id=2520000. I've had to disable the above rulesets to get snort running again, which is not a really great option currently. Using the latest 2.9.0 ET rules, and registered 2.9.0.1 snort ruleset. James Lay IT Security Analyst WinCo Foods 208-672-2014 Office 208-559-1855 Cell 650 N Armstrong Pl. Boise, Idaho 83704
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Multiple rule issues after upgrade Lay, James (Dec 29)
- Re: [Emerging-Sigs] Multiple rule issues after upgrade Joel Esler (Dec 29)
- Re: [Emerging-Sigs] Multiple rule issues after upgrade Matthew Jonkman (Dec 29)
- Re: [Emerging-Sigs] Multiple rule issues after upgrade Lay, James (Dec 29)
- Re: [Emerging-Sigs] Multiple rule issues after upgrade L0rd Ch0de1m0rt (Dec 29)
- Re: [Emerging-Sigs] Multiple rule issues after upgrade Lay, James (Dec 29)