Snort mailing list archives

Re: solving some warning


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 12 Dec 2016 15:37:31 +0000

Are you downloading and using the community ruleset + the registered/subscriber ruleset?  This is what typically causes 
this.  You have two copies of the same rule.  This is totally fine.  Snort will use the newest version of the rule by 
default.

So, for instance, if the community version (updated daily) is at rev:2; and the registered version is at rev:1;, 
Snort will use the rev:2; version, and you will receive this version.

Check out this blog post:

http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html


--
Joel Esler | Talos: Manager | jesler () cisco com






On Dec 10, 2016, at 2:31 AM, Ikenna Chiadikaobi <reniykec () yahoo com> wrote:

Attached is a result of dataset analysis. There is a list of warnings; what's the way out of them:

Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
WARNING: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules.



WARNING: rules/malware-cnc.rules(3256) GID 1 SID 39574 in rule duplicates previous rule. Ignoring old rule.

WARNING: rules/malware-cnc.rules(3257) GID 1 SID 39573 in rule duplicates previous rule. Ignoring old rule.



Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
WARNING: flowbits key 'file.png' is checked but not ever set.
WARNING: flowbits key 'file.jar' is checked but not ever set.
WARNING: flowbits key 'file.realplayer.playlist' is set but not ever
<exam2.txt>
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
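
An added example, not part of the original thread and not Snort's own code: a small Python check that lists rules defined more than once across rule files and shows which copy survives under the newest-rev behavior described in the reply. The sample rules are constructed (only the two SIDs come from the quoted warnings), and the missing-rev default and the tie-break are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample rule files (not real rule content). The two 3957x SIDs come
# from the warnings quoted in the thread; messages, revs and layout are made up.
SAMPLE_FILES = {
    "rules/community.rules": [
        'alert tcp any any -> any 80 (msg:"constructed A"; sid:39574; rev:2;)',
        '# alert tcp any any -> any 80 (msg:"disabled"; sid:39573; rev:9;)',
        'alert tcp any any -> any 80 (msg:"constructed B"; sid:39573; rev:1;)',
    ],
    "rules/malware-cnc.rules": [
        'alert tcp any any -> any 80 (msg:"constructed A"; sid:39574; rev:1;)',
        'alert tcp any any -> any 80 (msg:"constructed B"; sid:39573; rev:1;)',
        'alert tcp any any -> any 25 (msg:"constructed C"; sid:1000001; rev:3;)',
    ],
}

OPTION = re.compile(r"\b(gid|sid|rev)\s*:\s*(\d+)\s*;")

def parse_rule(line):
    """Return (gid, sid, rev) for an enabled rule line, else None."""
    line = line.strip()
    if not line or line.startswith("#") or "(" not in line:
        return None  # blank, commented-out (disabled) or not a rule
    opts = {k: int(v) for k, v in OPTION.findall(line[line.index("("):])}
    if "sid" not in opts:
        return None
    # gid defaults to 1 for text rules; a missing rev is treated as 0 (assumption).
    return opts.get("gid", 1), opts["sid"], opts.get("rev", 0)

def find_duplicates(files):
    """Map (gid, sid) -> {"copies": [...], "kept": copy} for rules seen more than once."""
    seen = defaultdict(list)
    for path, lines in files.items():  # dict order stands in for load order
        for lineno, line in enumerate(lines, 1):
            parsed = parse_rule(line)
            if parsed:
                gid, sid, rev = parsed
                seen[(gid, sid)].append({"rev": rev, "file": path, "line": lineno})
    report = {}
    for key, copies in seen.items():
        if len(copies) > 1:
            # Highest rev is kept; on a tie the later-loaded copy is kept (assumption).
            kept = max(enumerate(copies), key=lambda c: (c[1]["rev"], c[0]))[1]
            report[key] = {"copies": copies, "kept": kept}
    return report

if __name__ == "__main__":
    for (gid, sid), info in sorted(find_duplicates(SAMPLE_FILES).items()):
        k = info["kept"]
        print(f"GID {gid} SID {sid}: {len(info['copies'])} copies, keeping rev {k['rev']} ({k['file']}:{k['line']})")
```

To run it against real rule files, build the `files` mapping from each file's lines in the same order the `include` statements appear in snort.conf.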

