Re: Snort down

[James Lay <jlay () slave-tothe-box net>]

Try:
grep 2014141 snort.rules
And see what you find.
James
On Wed, 2016-06-15 at 16:17 +0530, ARUN LAL wrote:
> No we don't do anything on the file. May be it happens after
> pullderok rule updates.
>
> @James jay we don't have multiple rules with same SID
>
> On Wed, Jun 15, 2016 at 3:50 PM, James Lay <jlay () slave-tothe-box net>
> wrote:
> > On Wed, 2016-06-15 at 14:17 +0530, ARUN LAL wrote:
> > > Hello Team,
> > >
> > > Our snort service is getting down. While checking we have found
> > > that the following.
> > >
> > > =====================
> > >
> > > ERROR: /etc/snort/rules/snort.rules(6053) threshold (in rule):
> > > could not create threshold - only one per sig_id=2014141.
> > >
> > > =====================
> > >
> > > After uncommenting the rule in snort.rule the snort service is
> > > running fine.
> > >
> > > > > Why it happens always?? Can some explain it to me?
> > > Regards
> > > Arunlal
> > > ---------------------------------------------------------------
> > > ---------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth
> > > and traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> > > protocols are 
> > > consuming the most bandwidth. Provides multi-vendor support for
> > > NetFlow, 
> > > J-Flow, sFlow and other flows. Make informed decisions using
> > > capacity planning
> > > reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421
> > > &iu=/41014381
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-use
> > > rs
> > >
> > > Please visit http://blog.snort.org to stay current on all the
> > > latest Snort news!
> > You have duplicate rules or two rules with the same SID....sounds
> > like you'll want to look at your rule update process.
> >
> > James
> >
> > -----------------------------------------------------------------
> > -------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth
> > and traffic
> > patterns at an interface-level. Reveals which users, apps, and
> > protocols are
> > consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using
> > capacity planning
> > reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&i
> > u=/41014381
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the
> > latest Snort news!
> -------------------------------------------------------------------
> -----------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and
> protocols are 
> consuming the most bandwidth. Provides multi-vendor support for
> NetFlow, 
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=
> /41014381
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!