Snort mailing list archives
Re: Duplicated rules with the last update
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 19 Apr 2013 10:11:28 -0400
On Apr 19, 2013, at 10:03 AM, C. L. Martinez <carlopmart () gmail com> wrote:
I have updated my snort rules five minutes ago and a lot of messages like these appears: Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-app-detect.rules(38) GID 1 SID 21488 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-app-detect.rules(56) GID 1 SID 24397 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(8) GID 1 SID 23799 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(10) GID 1 SID 23800 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(12) GID 1 SID 23801 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(14) GID 1 SID 23802 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(16) GID 1 SID 23803 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(18) GID 1 SID 23804 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(8) GID 1 SID 16667 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(10) GID 1 SID 16668 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(20) GID 1 SID 19710 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(14) GID 1 SID 13838 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(16) GID 1 SID 15164 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(20) GID 1 SID 15383 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(24) GID 1 SID 15431 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(26) GID 1 SID 15699 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(32) GID 1 SID 15997 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(34) GID 1 SID 15999 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(56) GID 1 SID 16142 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(60) GID 1 SID 16284 in rule duplicates previous rule. Ignoring old rule. Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(68) GID 1 SID 16347 in rule duplicates previous rule. Ignoring old rule. I am using pulledpork to update rules …
Looking into it.
------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Duplicated rules with the last update C. L. Martinez (Apr 19)
- Re: Duplicated rules with the last update Joel Esler (Apr 19)
- Re: Duplicated rules with the last update Joel Esler (Apr 19)