Snort mailing list archives
Re: Snort down
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 15 Jun 2016 05:01:28 -0600
Try: grep 2014141 snort.rules And see what you find. James On Wed, 2016-06-15 at 16:17 +0530, ARUN LAL wrote:
No we don't do anything on the file. May be it happens after pullderok rule updates. @James jay we don't have multiple rules with same SID On Wed, Jun 15, 2016 at 3:50 PM, James Lay <jlay () slave-tothe-box net> wrote:On Wed, 2016-06-15 at 14:17 +0530, ARUN LAL wrote:Hello Team, Our snort service is getting down. While checking we have found that the following. ===================== ERROR: /etc/snort/rules/snort.rules(6053) threshold (in rule): could not create threshold - only one per sig_id=2014141. ===================== After uncommenting the rule in snort.rule the snort service is running fine.Why it happens always?? Can some explain it to me?Regards Arunlal --------------------------------------------------------------- --------------- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421 &iu=/41014381 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-use rs Please visit http://blog.snort.org to stay current on all the latest Snort news!You have duplicate rules or two rules with the same SID....sounds like you'll want to look at your rule update process. James ----------------------------------------------------------------- ------------- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&i u=/41014381 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------- ----------- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu= /41014381 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort down ARUN LAL (Jun 15)
- Re: Snort down James Lay (Jun 15)
- Re: Snort down ARUN LAL (Jun 15)
- Re: Snort down James Lay (Jun 15)
- Re: Snort down ARUN LAL (Jun 15)
- Re: [Snort-sigs] Snort down wkitty42 (Jun 15)
- Re: [Snort-sigs] Snort down James Lay (Jun 15)
- Re: Snort down James Lay (Jun 15)