[Snort-users] Duplicated rules with the last update

Joel Esler jesler at ...1935...
Fri Apr 19 10:11:28 EDT 2013


On Apr 19, 2013, at 10:03 AM, C. L. Martinez <carlopmart at ...11827...> wrote:

>  I have updated my snort rules five minutes ago and a lot of messages like these appears:
> 
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-app-detect.rules(38) GID 1 SID 21488 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-app-detect.rules(56) GID 1 SID 24397 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(8) GID 1 SID 23799 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(10) GID 1 SID 23800 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(12) GID 1 SID 23801 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(14) GID 1 SID 23802 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(16) GID 1 SID 23803 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(18) GID 1 SID 23804 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(8) GID 1 SID 16667 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(10) GID 1 SID 16668 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(20) GID 1 SID 19710 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(14) GID 1 SID 13838 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(16) GID 1 SID 15164 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(20) GID 1 SID 15383 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(24) GID 1 SID 15431 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(26) GID 1 SID 15699 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(32) GID 1 SID 15997 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(34) GID 1 SID 15999 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(56) GID 1 SID 16142 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(60) GID 1 SID 16284 in rule duplicates previous rule. Ignoring old rule.
> Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(68) GID 1 SID 16347 in rule duplicates previous rule. Ignoring old rule.
> 
> 
>  I am using pulledpork to update rules …


Looking into it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130419/061d3793/attachment.html>


More information about the Snort-users mailing list