[Snort-users] Duplicated rules with the last update

C. L. Martinez carlopmart at ...11827...
Fri Apr 19 10:03:09 EDT 2013


Hi all,

 I have updated my snort rules five minutes ago and a lot of messages like
these appears:

Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-app-detect.rules(38) GID 1 SID 21488
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-app-detect.rules(56) GID 1 SID 24397
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(8) GID 1 SID 23799
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(10) GID 1 SID 23800
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(12) GID 1 SID 23801
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(14) GID 1 SID 23802
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(16) GID 1 SID 23803
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(18) GID 1 SID 23804
in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(8) GID 1 SID
16667 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(10) GID 1 SID
16668 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(20) GID 1 SID
19710 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(14) GID 1 SID
13838 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(16) GID 1 SID
15164 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(20) GID 1 SID
15383 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(24) GID 1 SID
15431 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(26) GID 1 SID
15699 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(32) GID 1 SID
15997 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(34) GID 1 SID
15999 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(56) GID 1 SID
16142 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(60) GID 1 SID
16284 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING:
/data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(68) GID 1 SID
16347 in rule duplicates previous rule. Ignoring old rule.


 I am using pulledpork to update rules ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130419/c5a3a078/attachment.html>


More information about the Snort-users mailing list