[Snort-users] Oinkmaster not seeing large SID file rules
jlay at ...13475...
Wed Jun 18 18:35:15 EDT 2008
On 6/18/08 4:00 PM, "CunningPike" <cunningpike at ...11827...> wrote:
> How certain are you that the rulesets your are updating with Oinkmaster
> contain a rule with sid:100000137?
Yep: community-sid-msg.map:100000137 || COMMUNITY MISC BAD-SSL tcp detect
> James Lay wrote:
>> Oinkmaster doesn¹t seem to see large SID rules. Below is my disablesid
>> disablesid 12488,100000137
>> And here¹s what I get from the oinkmaster report:
>> Processing downloaded rules... disabled 1, enabled 0, modified 0,
>> Any way I can get it to see that second rule? Thanks.
More information about the Snort-users