Re: Oinkmaster not seeing large SID file rules

[James Lay <jlay () slave-tothe-box net>]

On 6/18/08 4:00 PM, "CunningPike" <cunningpike () gmail com> wrote:

> How certain are you that the rulesets your are updating with Oinkmaster
> contain a rule with sid:100000137?
>
> CP

Yep:  community-sid-msg.map:100000137 || COMMUNITY MISC BAD-SSL tcp detect


> James Lay wrote:
> > Hello!
> >
> > Oinkmaster doesn¹t seem to see large SID rules.  Below is my disablesid
> > line:
> >
> > disablesid 12488,100000137
> >
> > And here¹s what I get from the oinkmaster report:
> >
> > Processing downloaded rules... disabled 1, enabled 0, modified 0,
> > total=19680
> >
> > Any way I can get it to see that second rule?  Thanks.
> >
> > James




-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users