[Snort-users] The same GID and SID in rule duplicates previous rule in Snort-2.8.5.2

bai haoquan baihaoquan at ...11827...
Wed Mar 10 09:59:25 EST 2010


Hi,

I have already updated my Snort from 2.6.1 to 2.8.5.2. My old Snort is used in
a web project, and in this project the user's rules are generated
automatically. Among these rules there are some with the same sid, for
example:

    alert TCP 192.168.123.110 any -> 192.168.123.113 1111 (msg:"tcp"; content:"tcp";sid:1000001;)
    alert UDP 192.168.123.110 any -> 192.168.123.113 1234 (msg:"udp"; content:"udp";sid:1000001;)

These rules cause errors in the new version 2.8.5.2 when Snort starts, but
not in the old version 2.6.1. Of course I know that I should make the rules
generate different sids (1000001, 1000002 ...), but for some reasons this is
difficult to do now. *I want to know if there is some way to make "the
same sid in rules" also work and not cause errors in version 2.8.5.2.*
Please help me fix this problem if there is some way to do this. Thank you very
much.
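
An added example, not part of the original post: a pre-flight check that a rule generator could run before Snort is started, reporting every GID/SID pair used by more than one rule and optionally giving the later rules the next unused sid. The function names are hypothetical, the sample is constructed from the two rules quoted above plus one more, and it assumes one rule per line and GID 1 for rules without a `gid` option.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

# Constructed sample: the two rules from the post plus one with its own sid.
SAMPLE_RULES = """\
alert TCP 192.168.123.110 any -> 192.168.123.113 1111 (msg:"tcp"; content:"tcp";sid:1000001;)
alert UDP 192.168.123.110 any -> 192.168.123.113 1234 (msg:"udp"; content:"udp";sid:1000001;)
alert TCP any any -> 192.168.123.113 80 (msg:"web"; content:"GET";sid:1000002;)
"""

def rule_ids(text):
    """Yield (line_no, gid, sid) for every non-comment line with a sid option."""
    for line_no, line in enumerate(text.splitlines(), 1):
        sid = SID_RE.search(line)
        if sid is None or line.lstrip().startswith("#"):
            continue
        gid = GID_RE.search(line)
        # Assumption: a rule without a gid option belongs to generator 1.
        yield line_no, int(gid.group(1)) if gid else 1, int(sid.group(1))

def find_duplicates(text):
    """Map each (gid, sid) used more than once to the line numbers using it."""
    seen = defaultdict(list)
    for line_no, gid, sid in rule_ids(text):
        seen[(gid, sid)].append(line_no)
    return {key: lines for key, lines in seen.items() if len(lines) > 1}

def renumber_duplicates(text):
    """Keep the first rule of each (gid, sid); move later ones to an unused sid."""
    used = {(gid, sid) for _, gid, sid in rule_ids(text)}
    first_seen, out = set(), []
    for line in text.splitlines():
        ids = list(rule_ids(line))
        if ids:
            _, gid, sid = ids[0]
            if (gid, sid) in first_seen:
                new_sid = sid
                while (gid, new_sid) in used:
                    new_sid += 1
                used.add((gid, new_sid))
                line = SID_RE.sub(f"sid:{new_sid};", line, count=1)
            first_seen.add((gid, sid))
        out.append(line)
    return "\n".join(out) + "\n"
```

Renumbering changes the sid that appears in alerts, so anything that maps alerts back to the generated rules by sid has to be updated with the new values.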