Snort mailing list archives
Re: Fwd: pulledpork snort.rules error
From: Matthew Jonkman <jonkman () emergingthreatspro com>
Date: Wed, 9 Mar 2011 08:05:44 -0500
You're using the right combination of rules. Can you note some of the other sids you're getting a dupe on? Also check that you're not using the -all.rules from the emerging side by accident, as well as the individual rules files. Matt On Mar 8, 2011, at 11:24 PM, Michael Lubinski wrote:
I also notice I am getting "rule duplicates previous rule" errors during snort startup. I am using the regrules from VRT and the open no gpl rules from ET. Should I be using a different combination? It seems they may be overlapping? ---------- Forwarded message ---------- From: Michael Lubinski <michael.lubinski () gmail com> Date: Tue, Mar 8, 2011 at 10:16 PM Subject: pulledpork snort.rules error To: "Snort-users () lists sourceforge net" <snort-users () lists sourceforge net> After getting pulledpork to work I get an error when I try to start snort. ERROR: /etc/snort/rules/snort.rules(48) threshold (in rule): could not create the threshold - only one per sig_id=10088. I am running Et and VRT rulesets. ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
---------------------------------------------------- Matthew Jonkman Emergingthreats.net Emerging Threats Pro Open Information Security Foundation (OISF) Phone 765-807-8630 x110 Fax 312-264-0205 http://www.emergingthreatspro.com http://www.openinfosecfoundation.org ---------------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc
------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- pulledpork snort.rules error Michael Lubinski (Mar 08)
- Fwd: pulledpork snort.rules error Michael Lubinski (Mar 08)
- Re: Fwd: pulledpork snort.rules error Matthew Jonkman (Mar 09)
- Re: Fwd: pulledpork snort.rules error Michael Lubinski (Mar 09)
- Re: Fwd: pulledpork snort.rules error Michael Lubinski (Mar 09)
- Re: Fwd: pulledpork snort.rules error Matthew Jonkman (Mar 09)
- Fwd: pulledpork snort.rules error Michael Lubinski (Mar 08)