[Snort-users] solving some warning

Joel Esler (jesler) jesler at ...589...
Mon Dec 12 10:37:31 EST 2016


Are you downloading and using the community ruleset + the registered/subscriber ruleset?  This is what typically causes this.  You have two copies of the same rule.  This is totally fine.  Snort will use the newest version of the rule by default.

So, for instance, if the community version (updated daily) is at rev:2; and the registered version is at rev:1;, Snort will use the rev:2; of the version, and you will receive this version.

Check out this blog post:

http://blog.snort.org/2013/03/the-sourcefire-vrt-community-ruleset-is.html


--
Joel Esler | Talos: Manager | jesler at ...589...






On Dec 10, 2016, at 2:31 AM, Ikenna Chiadikaobi <reniykec at ...131...> wrote:

Attached is a result of dataset analysis. There is a list of warnings; what's the way out of them?

Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
WARNING: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules.



WARNING: rules/malware-cnc.rules(3256) GID 1 SID 39574 in rule duplicates previous rule. Ignoring old rule.

WARNING: rules/malware-cnc.rules(3257) GID 1 SID 39573 in rule duplicates previous rule. Ignoring old rule.



Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
WARNING: flowbits key 'file.png' is checked but not ever set.
WARNING: flowbits key 'file.jar' is checked but not ever set.
WARNING: flowbits key 'file.realplayer.playlist' is set but not ever
<exam2.txt>

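To see ahead of time which rules will produce the "duplicates previous rule" warning when two rulesets are loaded together, the rule files can be scanned for repeated GID/SID pairs and their rev values compared. The script below is an added example, not part of the original message and not Snort's own code; the file names and rules are constructed samples, and it assumes one rule per line, a missing gid meaning 1, and a missing rev treated as 0.

```python
import re
from collections import defaultdict

# Constructed sample rules (not real Talos rules): the same SID appears in two
# rule files, as happens when two rulesets are loaded together.
SAMPLE_RULESETS = {
    "community.rules": (
        'alert tcp any any -> any 80 (msg:"constructed example A"; sid:1000001; rev:2;)\n'
        '# alert tcp any any -> any 80 (msg:"disabled"; sid:1000002; rev:5;)\n'
        'alert tcp any any -> any 80 (msg:"constructed example C"; sid:1000003; rev:1;)\n'
    ),
    "registered.rules": (
        'alert tcp any any -> any 80 (msg:"constructed example A"; sid:1000001; rev:1;)\n'
        'alert tcp any any -> any 80 (msg:"constructed example B"; sid:1000002; rev:4;)\n'
        'alert udp any any -> any 53 (msg:"other generator"; gid:3; sid:1000003; rev:1;)\n'
    ),
}

OPTION = re.compile(r"\b(gid|sid|rev)\s*:\s*(\d+)\s*;")

def parse_rules(name, text):
    """Yield (gid, sid, rev, file, line_no) for each enabled rule line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out (disabled) rules
        opts = {k: int(v) for k, v in OPTION.findall(line)}
        if "sid" not in opts:
            continue
        # Assumption of this example: missing gid means 1, missing rev is 0.
        yield opts.get("gid", 1), opts["sid"], opts.get("rev", 0), name, line_no

def find_duplicates(rulesets):
    """Map (gid, sid) -> [(rev, file, line), ...], highest rev first, for keys seen more than once."""
    seen = defaultdict(list)
    for name, text in rulesets.items():
        for gid, sid, rev, fname, line_no in parse_rules(name, text):
            seen[(gid, sid)].append((rev, fname, line_no))
    return {k: sorted(v, reverse=True) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (gid, sid), copies in sorted(find_duplicates(SAMPLE_RULESETS).items()):
        newest = copies[0]
        print(f"GID {gid} SID {sid}: newest is rev:{newest[0]} in {newest[1]}:{newest[2]}")
        for rev, fname, line_no in copies[1:]:
            print(f"    older copy rev:{rev} in {fname}:{line_no}")
```

Disabled (commented-out) rules and rules with the same SID under a different GID are not counted as duplicates.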