[Snort-users] Local Rule Error

wkitty42 at ...14940... wkitty42 at ...14940...
Sun Feb 19 20:31:15 EST 2017


On 02/19/2017 07:16 PM, Jones, Christopher (Chris) (Maj) wrote:
> I’m working on writing some simple local rules but Snort is giving me the
> error: “SID 5000001 in rule duplicates previous rule.  Ignoring old rule.”

what other rules do you have installed and configured? it appears, based on what 
you've written, that you have other rules installed and configured for use...

try adding a few more zeros to your local base SID range... i use 100000000 to 
start my local rules specifically to get their SIDs up and away from the others 
currently available by distribution...

yours: 5000001
mine : 100000000


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list