[Snort-users] max flowbits fatal errors
kungupanda at ...11827...
Thu Oct 7 09:55:35 EDT 2010
I am running into the following fatal error when starting snort:
"ERROR: FLOWBITS: The number of flowbit IDs in the current ruleset (513)
exceed the maximum number of IDs that are allowed (512)."
"Fatal Error, Quitting."
I tried setting the global configuration option in snort.conf: "config
flowbits_size: 768" which really resulted in the really confusing error:
"ERROR: /etc/snort/snort.conf Invalid argument to 'flowbits_size': 768.
Must be a positive integer and less than 256."
Running on snort v18.104.22.168.
Tried finding help in the snort manual and README.flowbits with no success.
Also did not find any command-line options that would help.
Can someone point me in the right direction regarding bumping-up the maximum
number of flowbits IDs ?
And what exactly does the "config flowbits_size: nnn" configuration option
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users