[Snort-users] Preprocessor and decoder rules
Shawn.Jefferson at ...14448...
Mon May 7 12:29:29 EDT 2012
I'm trying to use the pre-processor and decoder rule files to comment out some of the pre-processer and decoder rules I'm not interested in seeing alerts for. I compiled with -enable-sourcefire and the rules are being loaded in my snort.conf. However, during the load of snort I am getting these messages (for each GID/SID):
WARNING: /etc/snort/rules/preprocessor.rules(2) GID 105 SID 1 in rule duplicates previous rule. Ignoring old rule.#012
So, what am I doing wrong? Commenting out the rules doesn't work, since it seems they are being defined somewhere else.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users