[Snort-users] Preprocessor and decoder rules

Jefferson, Shawn Shawn.Jefferson at ...14448...
Mon May 7 12:29:29 EDT 2012


I'm trying to use the pre-processor and decoder rule files to comment out some of the pre-processor and decoder rules I'm not interested in seeing alerts for. I compiled with -enable-sourcefire and the rules are being loaded in my snort.conf. However, during the load of snort I am getting these messages (for each GID/SID):

WARNING: /etc/snort/rules/preprocessor.rules(2) GID 105 SID 1 in rule duplicates previous rule. Ignoring old rule.#012

So, what am I doing wrong?  Commenting out the rules doesn't work, since it seems they are being defined somewhere else.
