[Snort-sigs] Bleeding rules virus and threshold issue

James Lay jlay at ...2844...
Mon Feb 21 16:39:06 EST 2005


Frank,

Yep...dig it:

[17:36:53 jlay at ...2996...:/etc/snort$] grep 2001578 *| wc -l
1
[17:37:02 jlay at ...2996...:/etc/snort$] cd rules
[17:37:05 jlay at ...2996...:/etc/snort/rules$] grep 2001578 *| wc -l
1
[17:37:06 jlay at ...2996...:/etc/snort/rules$]

In a word, ouchies.

James

-----Original Message-----
From: Frank Knobbe [mailto:frank at ...1978...]
Sent: Monday, February 21, 2005 5:33 PM
To: James Lay
Cc: 'Snort-Sigs (E-mail)
Subject: RE: [Snort-sigs] Bleeding rules virus and threshold issue


On Mon, 2005-02-21 at 17:33 -0700, James Lay wrote:
> FATAL ERROR: Rule-Threshold-Parse: could not create a threshold object --
> only one per sid, sid = 2001578

That's insane...

What does

  grep "sid:2001578" *|wc -l    

show? Only 1???




More information about the Snort-sigs mailing list