[Snort-users] Local rules with same sids and snort works!
fatema.bannatwala at ...11827...
Wed Nov 9 13:19:48 EST 2016
Just realized that I have two rules in my local.rules file with same sid,
and snort works just fine!!
I always had in my head that sids should have to be unique, but today when
I was going through the local.rules file, I realized that someone from our
team had created a new rule and assigned it a same sid that a previous rule
I couldn't catch it before because snort was running just fine without any
complains on duplicate sids.
Have I missed this change in the current (or 2.9 version) of snort or is it
Quick points: I have local.rules enabled in snort.conf and pulled pork is
not modifying anything regarding local rules so they should get loaded as
it is, and above all I am getting alerts for one of the rules having
duplicate sid, but no alerts for the other rule having same sid.
Snort version - 22.214.171.124
barnyard version - 2-1.9
pulledpork - 0.7.0
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users