Snort mailing list archives

Re: FATAL ERROR: FLOWBITS ERROR: The number of flowbit IDs in the current ruleset exceed the maximum number of IDs that are allowed.


From: Frank Knobbe <frank () knobbe us>
Date: Thu, 21 Apr 2005 22:19:59 -0500

On Fri, 2005-04-22 at 14:21 +1200, Russell Fulton wrote:
> Hi, This afternoon after updating my bleeding rules I got the above
> error when restarting snort with the new rules.
>
> I am using most of the standard snort rules and a lot of the bleeding
> rules too.
>
> I guess this means that there is a limit to the number of Flowbit rules
> one can load at any time and that I have just exceeded it.

Yo Russell,

Use the following directive in your snort.conf:

config flowbits_size: 256

I believe the default is 32 or 64, so anything larger than that should
help you out.

Cheers,
Frank
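
An added example, not part of the original message or of Snort itself: one way to choose a value for `flowbits_size` is to count the distinct flowbit names in the enabled rules. It assumes each distinct name consumes one flowbit ID; the function names, the 25% headroom, the rounding step of 64 and the sample rules are all constructed for illustration.

```python
import re

# Body of a flowbits option, e.g. "flowbits:set,ftp.user;" or "flowbits: isset , x ;"
FLOWBITS_OPT = re.compile(r"flowbits\s*:\s*([^;]+);", re.IGNORECASE)
# Operations that carry no flowbit name and so need no ID.
NAMELESS_OPS = {"noalert", "reset"}

def flowbit_names(rule_text):
    """Return the distinct flowbit names referenced by enabled rules."""
    names = set()
    for line in rule_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # blank line or disabled rule
            continue
        for body in FLOWBITS_OPT.findall(line):
            parts = [p.strip() for p in body.split(",")]
            if parts[0].lower() in NAMELESS_OPS or len(parts) < 2:
                continue
            # Newer rule syntax allows name1|name2 and name1&name2.
            for name in re.split(r"[|&]", parts[1]):
                if name.strip():
                    names.add(name.strip())
    return names

def suggested_size(count, headroom=0.25, step=64):
    """Round count plus headroom up to the next multiple of step."""
    needed = int(count * (1 + headroom)) + 1
    return ((needed + step - 1) // step) * step

# Constructed sample rules (not from any real ruleset).
SAMPLE_RULES = r'''
alert tcp any any -> any 21 (msg:"constructed: FTP user"; content:"USER "; flowbits:set,ftp.user; flowbits:noalert; sid:1000001;)
alert tcp any any -> any 21 (msg:"constructed: FTP pass"; content:"PASS "; flowbits:isset,ftp.user; flowbits:set,ftp.pass; sid:1000002;)
# alert tcp any any -> any 445 (msg:"constructed: disabled"; flowbits:set,smb.disabled; sid:1000003;)
alert tcp any any -> any 445 (msg:"constructed: SMB"; flowbits: isnotset , smb.session ; sid:1000004;)
'''

if __name__ == "__main__":
    found = flowbit_names(SAMPLE_RULES)
    print(len(found), "distinct flowbit names:", sorted(found))
    print("config flowbits_size:", suggested_size(len(found)))
```

To use it on a real installation, pass the concatenated text of every rules file that snort.conf includes instead of `SAMPLE_RULES`.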
