Multiple rule issues after upgrade

["Lay, James" <james.lay () wincofoods com>]

See below:

 

Dec 29 08:12:01 10.21.10.2 snort[21149]: FATAL ERROR:
/usr/local/etc/snort/rules/porn.rules(24) Unknown ClassType:
kickass-porn

Dec 29 08:13:42 10.21.10.2 snort[21166]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-botcc.rules(41) threshold (in rule):
could not create threshold - only one per sig_id=2404000.

Dec 29 08:15:27 10.21.10.2 snort[21171]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-compromised.rules(49) threshold (in
rule): could not create threshold - only one per sig_id=2500000.

Dec 29 08:23:54 10.21.10.2 snort[21222]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-drop.rules(41) threshold (in rule):
could not create threshold - only one per sig_id=2400000.

Dec 29 08:24:20 10.21.10.2 snort[21224]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-rbn.rules(44) threshold (in rule):
could not create threshold - only one per sig_id=2406000.

Dec 29 08:24:34 10.21.10.2 snort[21226]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-tor.rules(44) threshold (in rule):
could not create threshold - only one per sig_id=2520000.

 

I've had to disable the above rulesets to get snort running again, which
is not a really great option currently.  Using the latest 2.9.0 ET
rules, and registered 2.9.0.1 snort ruleset.

 

James Lay

IT Security Analyst

WinCo Foods

208-672-2014 Office

208-559-1855 Cell

650 N Armstrong Pl.

Boise, Idaho 83704

 

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs