[Snort-users] Oinkmaster not seeing large SID file rules

James Lay jlay at ...13475...
Wed Jun 18 18:35:15 EDT 2008


On 6/18/08 4:00 PM, "CunningPike" <cunningpike at ...11827...> wrote:

> How certain are you that the rulesets your are updating with Oinkmaster
> contain a rule with sid:100000137?
> 
> CP
> 

Yep:  community-sid-msg.map:100000137 || COMMUNITY MISC BAD-SSL tcp detect


> James Lay wrote:
>> Hello!
>> 
>> Oinkmaster doesn¹t seem to see large SID rules.  Below is my disablesid
>> line:
>> 
>> disablesid 12488,100000137
>> 
>> And here¹s what I get from the oinkmaster report:
>> 
>> Processing downloaded rules... disabled 1, enabled 0, modified 0,
>> total=19680
>> 
>> Any way I can get it to see that second rule?  Thanks.
>> 
>> James
>> 







More information about the Snort-users mailing list