Re: Snort duplicate signatures in table

[Dirk Geschke <Dirk_Geschke () genua de>]

Hi Vladimir,

> > Maybe there are more rules with the same sig_name,
> > sig_rev and sig_sid but with different priorities?
>
> No.

sorry, but below states that there are two entries...

> > Simply connect to the database and execute the SQL statement. Then you can
> > easily see which other results are available. Use psql to connect to the
> > database and then execute:
> >
> > SELECT * FROM signature WHERE sig_name = 'WEB-MISC Cisco IOS HTTP
> configuration attempt' AND sig_rev = 13 AND sig_sid = 1250;
> > This should show all results with all fields. And probably you will find
> the
> > answer what caused the above message...
>
> This give 2 results. With the same sig_rev, sig_sid, sig_name and
> sig_priority.

Are this two results identical in all fields except sig_id? Maybe they
have different priorities or classifications?

Best regards

Dirk



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users