Snort mailing list archives

Re: Snort won't generate alerts with single snort.rules file

From: SnortFan <SnortFan () yahoo com>
Date: Wed, 12 Mar 2014 00:04:54 -0400

Anacleto,
       Going back you your original question:  "Isn't suppose to activate all rules by default?"  

No, it will activate a default set of rules. If you look in the snort.rules file, the ones uncommented are the active 
ones. 

Does your output unified file grow as snort runs?  Mine is located at /var/log/snort/. It's location is defined in your 
snort.conf file. 

Cheers,
Ed

Sent from a mobile device.

On Mar 6, 2014, at 9:19 PM, "Joel Esler (jesler)" <jesler () cisco com> wrote:

That's why you are getting the dupe rules warning.  That's normal. 


--
Joel Esler
Sent from my iPad

On Mar 6, 2014, at 6:42 PM, "Anacleto Junior" <suporte.anacleto () gmail com> wrote:

Joel,

Yes, I'm using the registered user ruleset and the community ruleset.


2014-03-06 19:22 GMT-03:00 Joel Esler (jesler) <jesler () cisco com>:

On Feb 28, 2014, at 12:21, "Anacleto Junior" <suporte.anacleto () gmail com> wrote:

I got some errors like:
WARNING: /etc/snort/rules/snort.rules(15678) GID 1 SID 24017 in rule duplicates previous rule. Ignoring old rule.


Are you using the registered ruleset and the community ruleset?




-- 
Anacleto Júnior
Analista de TI e Redes
Linux User: #447388

------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works. 
Faster operations. Version large binaries.  Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort won't generate alerts with single snort.rules file Anacleto Junior (Feb 28)
- Message not available
  - Re: Snort won't generate alerts with single snort.rules file Anacleto Junior (Mar 06)
    - Re: Snort won't generate alerts with single snort.rules file waldo kitty (Mar 06)
    - Re: Snort won't generate alerts with single snort.rules file Michael Wisniewski (Mar 06)
- Re: Snort won't generate alerts with single snort.rules file Joel Esler (jesler) (Mar 06)
  - Re: Snort won't generate alerts with single snort.rules file Anacleto Junior (Mar 06)
    - Re: Snort won't generate alerts with single snort.rules file Joel Esler (jesler) (Mar 06)
    - Re: Snort won't generate alerts with single snort.rules file SnortFan (Mar 11)
    - Re: Snort won't generate alerts with single snort.rules file Anacleto Junior (Mar 12)
    - Re: Snort won't generate alerts with single snort.rules file SnortFan (Mar 12)
    - Re: Snort won't generate alerts with single snort.rules file Anacleto Junior (Mar 13)
    - Re: Snort won't generate alerts with single snort.rules file SnortFan (Mar 14)