[Snort-users] multiple port variable fun
frank at ...9761...
Tue Jul 24 19:59:32 EDT 2007
On Wed, 2007-07-04 at 09:17 +0200, Jeffrey Denton wrote:
> On 7/3/07, Ryan Hudson <ryan at ...14163...> wrote:
> > Do you mean put that in snort.conf? Because when i tried that it just
> > thought you were reading the same rules files multiple times and failed as
> > the same pid's were being used multiple times. And the http_ports variable
> > was over-written 3 times.
> Yeap, the SIDs will cause problems. Barnyard and Oinkmaster wouldn't
> play nice either. One possible solution is to create separate rules
> files for each port. This looks ugly...
Really? Never had a problem with that. Just created a small test file
with a duplicate rule, but changed ports. Snort reads both rules without
What version of Snort are you using that causes that error? Or is the
error caused by some third party app?
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users