Snort mailing list archives
Re: solving some warning
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 12 Dec 2016 15:37:31 +0000
Are you downloading and using the community ruleset + the registered/subscriber ruleset? This is what typically causes this. You have two copies of the same rule. This is totally fine. Snort will use the newest version of the rule by default. So, for instance, if the community version (updated daily) is at rev:2; and the registered version is at rev:1;, Snort will use the rev:2; of the version, and you will receive this version.

Check out this blog post: http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html

--
Joel Esler | Talos: Manager | jesler () cisco com

On Dec 10, 2016, at 2:31 AM, Ikenna Chiadikaobi <reniykec () yahoo com> wrote:

> Attached is a result of dataset analysis. There is a list of warnings; what's the way out of them?
>
> Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
> Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
> WARNING: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules.
> WARNING: rules/malware-cnc.rules(3256) GID 1 SID 39574 in rule duplicates previous rule. Ignoring old rule.
> WARNING: rules/malware-cnc.rules(3257) GID 1 SID 39573 in rule duplicates previous rule. Ignoring old rule.
> Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
> Verifying Preprocessor Configurations!
> WARNING: flowbits key 'file.png' is checked but not ever set.
> WARNING: flowbits key 'file.jar' is checked but not ever set.
> WARNING: flowbits key 'file.realplayer.playlist' is set but not ever
> <exam2.txt>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
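One way to list the GID/SID pairs that two rulesets share, and which copy carries the higher rev, before Snort prints the duplicate warning. This is an added example, not part of the original messages and not Snort's own code; the rule bodies are constructed samples, and the file name community.rules and the function names are assumptions.

```python
import re
from collections import defaultdict

# Options that identify a rule. Simplification: the pattern is applied to the
# whole rule line, so text inside msg/content strings could also match.
OPT = re.compile(r'\b(gid|sid|rev)\s*:\s*(\d+)\s*;')
ACTIONS = ("alert", "log", "pass", "drop", "sdrop", "reject", "activate", "dynamic")

def parse_rules(source, text):
    """Yield (gid, sid, rev, source, lineno) for each enabled rule line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith(ACTIONS):  # skips blanks and '#' (disabled) rules
            continue
        opts = {k: int(v) for k, v in OPT.findall(line)}
        if "sid" in opts:
            # gid defaults to 1; a missing rev is treated as 0 in this example
            yield opts.get("gid", 1), opts["sid"], opts.get("rev", 0), source, lineno

def find_duplicates(sources):
    """Map (gid, sid) -> copies sorted highest rev first, for IDs seen more than once."""
    seen = defaultdict(list)
    for source, text in sources.items():
        for gid, sid, rev, src, lineno in parse_rules(source, text):
            seen[(gid, sid)].append((rev, src, lineno))
    return {k: sorted(v, reverse=True) for k, v in seen.items() if len(v) > 1}

# Constructed sample input: two rule files that overlap on the SIDs from the log.
SAMPLE = {
    "community.rules": (
        '# alert tcp any any -> any any (msg:"disabled sample"; sid:1000001; rev:3;)\n'
        'alert tcp any any -> any any (msg:"sample A"; sid:39574; rev:2;)\n'
        'alert tcp any any -> any any (msg:"sample B"; sid:39573; rev:1;)\n'
    ),
    "rules/malware-cnc.rules": (
        'alert tcp any any -> any any (msg:"sample A"; sid:39574; rev:1;)\n'
        'alert tcp any any -> any any (msg:"sample B"; sid:39573; rev:1;)\n'
        'alert tcp any any -> any any (msg:"sample C"; sid:1000001; rev:1;)\n'
    ),
}

if __name__ == "__main__":
    for (gid, sid), copies in sorted(find_duplicates(SAMPLE).items()):
        rev, src, lineno = copies[0]
        others = ", ".join(f"{s}({n}) rev:{r}" for r, s, n in copies[1:])
        print(f"GID {gid} SID {sid}: highest rev:{rev} in {src}({lineno}); also {others}")
```

On real rulesets, read each file's text into the dictionary passed to `find_duplicates`, keyed by its path.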
Current thread:
- solving some warning Ikenna Chiadikaobi (Dec 09)
- Re: solving some warning Joel Esler (jesler) (Dec 12)