[Snort-users] FATAL ERROR: FLOWBITS ERROR: The number of flowbit IDs in the current ruleset exceed the maximum number of IDs that are allowed.

Frank Knobbe frank at ...9761...
Thu Apr 21 20:21:03 EDT 2005


On Fri, 2005-04-22 at 14:21 +1200, Russell Fulton wrote:
> Hi, This afternoon after updating my bleeding rules I got the above
> error when restarting snort with the new rules.
> 
> I am using most of the standard snort rules and a lot of the bleeding
> rules too.
> 
> I guess this means that there is a limit to the number of Flowbit rules
> one can load at any time and that I have just exceeded it.

Yo Russell,

Use the following directive in your snort.conf:

config flowbits_size: 256

I believe the default is 32 or 64, so anything larger than that should
help you out.

Cheers,
Frank
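
One way to see how many flowbit IDs a ruleset needs before picking a `flowbits_size` value, as an added example that is not part of the original thread. It assumes each distinct flowbit name consumes one ID and that `flowbits_size` caps the number of IDs, as the error message suggests; the sample rules and function names are constructed for illustration.

```python
import re
import sys

# Body of a flowbits option, e.g. flowbits:set,ftp.user;
FLOWBITS_OPT = re.compile(r"flowbits\s*:\s*([^;]+);")
# Operations that carry a flowbit name ("noalert" carries none).
NAMED_OPS = {"set", "unset", "toggle", "isset", "isnotset"}

# Constructed sample rules (not from the thread); the last one is disabled.
SAMPLE_RULES = """\
alert tcp any any -> any 21 (msg:"constructed: login"; content:"USER"; flowbits:set,ftp.user; flowbits:noalert; sid:1000001;)
alert tcp any any -> any 21 (msg:"constructed: site cmd"; flowbits:isset,ftp.user; content:"SITE"; sid:1000002;)
alert tcp any any -> any 445 (msg:"constructed: smb bind"; flowbits:set,smb.bind; sid:1000003;)
# alert tcp any any -> any 80 (msg:"constructed: disabled"; flowbits:set,http.disabled; sid:1000004;)
"""


def flowbit_names(rules_text):
    """Return the distinct flowbit names used by active (uncommented) rules."""
    names = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        for body in FLOWBITS_OPT.findall(line):
            parts = [p.strip() for p in body.split(",")]
            if parts[0].lower() in NAMED_OPS and len(parts) > 1:
                # Later rule syntax can join several names with & or |.
                names.update(n.strip() for n in re.split(r"[&|]", parts[1]) if n.strip())
    return names


def exceeds_limit(rules_text, flowbits_size):
    """True if the ruleset uses more distinct flowbit names than flowbits_size."""
    return len(flowbit_names(rules_text)) > flowbits_size


if __name__ == "__main__":
    # Usage: script.py <flowbits_size> <rules files...>; no arguments uses the sample.
    if len(sys.argv) > 2:
        size = int(sys.argv[1])
        text = "\n".join(open(p, errors="replace").read() for p in sys.argv[2:])
    else:
        size, text = 256, SAMPLE_RULES
    count = len(flowbit_names(text))
    verdict = "exceeds" if count > size else "fits within"
    print(f"{count} distinct flowbit names; {verdict} flowbits_size {size}")
```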


