Re: Pulledpork duplicate rules

["C. L. Martinez" <carlopmart () gmail com>]

Answers in-line

On Mon, Oct 14, 2013 at 1:55 PM, JJC <cummingsj () gmail com> wrote:
> We will need a little more information than this.  A few questions to get us started though:
>
> 1: Did you delete your old rules files before running PP?

No. I am trying with rules previously downloaded. Removing old rules,
works but it is not efficient ...

> 2: Are you using a single file or keeping all files?

I keep all files.

> 3: Has the new version of PP ever run successfully for you?

It is the first time I've used. With version 0.6.0 all works as expected.

> 4: These duplicate SIDs, are they in different files, if so what are the timestamp differences of each for 
> create/modify?

No, they are added to exists rules files.

> This should get us started...
>
> JJC

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!