[Snort-users] Snort down

James Lay jlay at ...13475...
Wed Jun 15 07:01:28 EDT 2016


Try:
grep 2014141 snort.rules
And see what you find.
James
On Wed, 2016-06-15 at 16:17 +0530, ARUN LAL wrote:
> No we don't do anything on the file. May be it happens after
> pullderok rule updates.
> 
> @James jay we don't have multiple rules with same SID
> 
> On Wed, Jun 15, 2016 at 3:50 PM, James Lay <jlay at ...13475...>
> wrote:
> > On Wed, 2016-06-15 at 14:17 +0530, ARUN LAL wrote:
> > > Hello Team,
> > > 
> > > Our snort service is getting down. While checking we have found
> > > that the following.
> > > 
> > > =====================
> > > 
> > > ERROR: /etc/snort/rules/snort.rules(6053) threshold (in rule):
> > > could not create threshold - only one per sig_id=2014141.
> > > 
> > > =====================
> > > 
> > > After uncommenting the rule in snort.rule the snort service is
> > > running fine.
> > > 
> > > > > Why it happens always?? Can some explain it to me?
> > > Regards
> > > Arunlal
> > > ---------------------------------------------------------------
> > > ---------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth
> > > and traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> > > protocols are 
> > > consuming the most bandwidth. Provides multi-vendor support for
> > > NetFlow, 
> > > J-Flow, sFlow and other flows. Make informed decisions using
> > > capacity planning
> > > reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421
> > > &iu=/41014381
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-use
> > > rs
> > > 
> > > Please visit http://blog.snort.org to stay current on all the
> > > latest Snort news!
> > You have duplicate rules or two rules with the same SID....sounds
> > like you'll want to look at your rule update process.
> > 
> > James
> > 
> > -----------------------------------------------------------------
> > -------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth
> > and traffic
> > patterns at an interface-level. Reveals which users, apps, and
> > protocols are
> > consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using
> > capacity planning
> > reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&i
> > u=/41014381
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > 
> > Please visit http://blog.snort.org to stay current on all the
> > latest Snort news!
> -------------------------------------------------------------------
> -----------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and
> protocols are 
> consuming the most bandwidth. Provides multi-vendor support for
> NetFlow, 
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=
> /41014381
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160615/3222db39/attachment.html>


More information about the Snort-users mailing list