duplicate rules


Jeremy Hoel

Oct 3, 2013, 1:46:53 PM
to pulledpo...@googlegroups.com
When using registered VRT rules AND the community ruleset (which gets
updated more often from what's been put out), you end up with
duplicate rules.

ie:
WARNING: /etc/snort/rules/snort.rules(20104) GID 1 SID 560 in rule
duplicates previous rule. Ignoring old rule.

WARNING: /etc/snort/rules/snort.rules(20561) GID 1 SID 21255 in rule
duplicates previous rule. Ignoring old rule.

WARNING: /etc/snort/rules/snort.rules(20562) GID 1 SID 21256 in rule
duplicates previous rule. Ignoring old rule


So, does PP have a method in place in order to choose one rule over the other?

Can you set a preferred priority for the rule packs in this case?

Or is there something in snort that chooses the newer rule?

Or am I missing something else?

Thanks..
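
Added example, not part of the original post and not PulledPork or Snort code: a check that lists every GID/SID defined more than once in a merged rules file and flags cases where the definition left active (the later one, going by the "Ignoring old rule" warning quoted above) has a lower rev than a copy that was dropped. The sample rules are constructed, and treating a missing rev as 0 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of a merged rules file (not real VRT/community rule text).
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed rule A"; sid:560; rev:6;)
# alert tcp any any -> any 80 (msg:"disabled copy"; sid:560; rev:5;)
alert tcp any any -> any 25 (msg:"constructed rule B"; sid:21255; rev:2;)
alert udp any any -> any 53 (msg:"constructed rule C"; gid:3; sid:560; rev:1;)
alert tcp any any -> any 80 (msg:"constructed rule A, other pack"; sid:560; rev:9;)
alert tcp any any -> any 25 (msg:"constructed rule B, other pack"; sid:21255; rev:1;)
"""

# One pattern per numeric rule option; options sit inside (...) separated by ';'.
_OPT = {n: re.compile(r"[(;]\s*%s\s*:\s*(\d+)\s*;" % n) for n in ("gid", "sid", "rev")}

def _opt(line, name, default=None):
    m = _OPT[name].search(line)
    return int(m.group(1)) if m else default

def find_duplicates(text):
    """Return {(gid, sid): [(line_no, rev), ...]} for IDs defined more than once."""
    seen = defaultdict(list)
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled (commented-out) rule
        sid = _opt(line, "sid")
        if sid is None:
            continue  # not a rule line
        gid = _opt(line, "gid", 1)  # a rule without gid belongs to GID 1
        seen[(gid, sid)].append((no, _opt(line, "rev", 0)))  # assumption: no rev -> 0
    return {k: v for k, v in seen.items() if len(v) > 1}

def report(text):
    """One line per duplicated GID/SID, flagging a last copy that is not the newest rev."""
    out = []
    for (gid, sid), defs in sorted(find_duplicates(text).items()):
        kept_line, kept_rev = defs[-1]  # per the warning, earlier copies are ignored
        stale = kept_rev < max(rev for _, rev in defs)
        out.append(f"GID {gid} SID {sid}: lines {[n for n, _ in defs]}, last is line "
                   f"{kept_line} rev {kept_rev}" + ("  <-- older than an ignored copy" if stale else ""))
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RULES)))
```
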