Snort mailing list archives
Re: FATAL ERROR: FLOWBITS ERROR: The number of flowbit IDs in the current ruleset exceed the maximum number of IDs that are allowed.
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 21 Apr 2005 22:19:59 -0500
On Fri, 2005-04-22 at 14:21 +1200, Russell Fulton wrote:
Hi, This afternoon after updating my bleeding rules I got the above error when restarting snort with the new rules. I am using most of the standard snort rules and a lot of the bleeding rules too. I guess this means that there is a limit to the number of Flowbit rules one can load at any time and that I have just exceeded it.
Yo Russell, use the following directive in your snort.conf: config flowbits_size: 256 I believe the default is 32 or 64, so anything larger than that should help you out. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- FATAL ERROR: FLOWBITS ERROR: The number of flowbit IDs in the current ruleset exceed the maximum number of IDs that are allowed. Russell Fulton (Apr 21)
- Re: FATAL ERROR: FLOWBITS ERROR: The number of flowbit IDs in the current ruleset exceed the maximum number of IDs that are allowed. Frank Knobbe (Apr 21)