[Snort-users] multiple port variable fun

Frank Knobbe frank at ...9761...
Tue Jul 24 19:59:32 EDT 2007


On Wed, 2007-07-04 at 09:17 +0200, Jeffrey Denton wrote:
> On 7/3/07, Ryan Hudson <ryan at ...14163...> wrote:
> > Do you mean put that in snort.conf?  Because when i tried that it just
> > thought you were reading the same rules files multiple times and failed as
> > the same pid's were being used multiple times. And the http_ports variable
> > was over-written 3 times.
> >

> Yeap, the SIDs will cause problems.  Barnyard and Oinkmaster wouldn't
> play nice either.  One possible solution is to create separate rules
> files for each port.  This looks ugly...

Really? Never had a problem with that. Just created a small test file
with a duplicate rule, but changed ports. Snort reads both rules without
a complaint.

What version of Snort are you using that causes that error? Or is the
error caused by some third party app?

Regards,
Frank


-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070724/1e6e35e9/attachment.sig>


More information about the Snort-users mailing list