[Snort-users] max flowbits fatal errors

Kungu Panda kungupanda at ...11827...
Thu Oct 7 09:55:35 EDT 2010


I am running into the following fatal error when starting snort:

  "ERROR: FLOWBITS: The number of flowbit IDs in the current ruleset (513)
exceed the maximum number of IDs that are allowed (512)."
  "Fatal Error, Quitting."

I tried setting the global configuration option in snort.conf:  "config
flowbits_size: 768"  which really resulted in the really confusing error:
  "ERROR: /etc/snort/snort.conf  Invalid argument to 'flowbits_size': 768.
Must be a positive integer and less than 256."

Running on snort v2.8.6.1.
Tried finding help in the snort manual and README.flowbits with no success.
Also did not find any command-line options that would help.

Can someone point me in the right direction regarding bumping-up the maximum
number of flowbits IDs ?
And what exactly does the "config flowbits_size: nnn"  configuration option
do ?

Thank you,
K.Panda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101007/a8ec77c6/attachment.html>


More information about the Snort-users mailing list