[Snort-sigs] 0 dynamic rule loaded in snort

Joel Esler (jesler) jesler at cisco.com
Fri Jun 29 09:43:45 EDT 2018


Are you using the community ruleset + the registered ruleset?

--
Joel Esler
Sr. Manager
Open Source, Design, Web, and Education
Talos Group
http://www.talosintelligence.com

On Jun 25, 2018, at 6:35 PM, bz Os via Snort-sigs <snort-sigs at lists.snort.org<mailto:snort-sigs at lists.snort.org>> wrote:

hello every body i am using snort as ids and when i run snort as ids i have WARNING: /home/olive/Desktop/rules/malware-cnc.rules(3174) GID 1 SID 34050 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/malware-cnc.rules(3175) GID 1 SID 34049 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/malware-cnc.rules(3176) GID 1 SID 34047 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/malware-cnc.rules(3255) GID 1 SID 29616 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/malware-cnc.rules(3256) GID 1 SID 29615 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/malware-cnc.rules(3257) GID 1 SID 26264 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/os-windows.rules(40) GID 1 SID 272 in rule duplicates previous rule. Ignoring old rule.

WARNING: /home/olive/Desktop/rules/os-windows.rules(41) GID 1 SID 3442 in rule duplicates previous rule. Ignoring old rule.

25867 Snort rules read
    23950 detection rules
    150 decoder rules
    268 preprocessor rules
24368 Option Chains linked into 923 Chain Headers
0 Dynamic rules

and the  directory dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules
is empty , all SO_rules how can i fix this problem


_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.snort.org<mailto:Snort-sigs at lists.snort.org>
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180629/294602ac/attachment-0001.html>


More information about the Snort-sigs mailing list