[Snort-users] FATAL ERROR: FLOWBITS ERROR: The number of flowbit IDs in the current ruleset exceed the maximum number of IDs that are allowed.
frank at ...9761...
Thu Apr 21 20:21:03 EDT 2005
On Fri, 2005-04-22 at 14:21 +1200, Russell Fulton wrote:
> Hi, This afternoon after updating my bleeding rules I got the above
> error when restarting snort with the new rules.
> I am using most of the standard snort rules and a lot of the bleeding
> rules too.
> I guess this means that there is a limit to the number of Flowbit rules
> one can load at any time and that I have just exceeded it.
use the following directive in your snort.conf:
config flowbits_size: 256
I believe the default is 32 or 64, so anything larger than that should
help you out.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users