[Snort-users] Local Rule Error

Jones, Christopher (Chris) (Maj) cajones1 at ...17771...
Sun Feb 19 20:44:23 EST 2017


Thanks for the reply.  I added the two extra zeros as you suggested and am still getting the error.  I'm using the community rules and don't have any other local rules.  I've attached a screenshot so you can see the error.  There must be something else in the rule that is confusing snort.  

Chris

-----Original Message-----
From: wkitty42 at ...14940... [mailto:wkitty42 at ...14940...] 
Sent: Sunday, February 19, 2017 5:31 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Local Rule Error

On 02/19/2017 07:16 PM, Jones, Christopher (Chris) (Maj) wrote:
> I’m working on writing some simple local rules but Snort is giving me 
> the
> error: “SID 5000001 in rule duplicates previous rule.  Ignoring old rule.”

what other rules do you have installed and configured? it appears, based on what you've written, that you have other rules installed and configured for use...

try adding a few more zeros to your local base SID range... i use 100000000 to start my local rules specifically to get their SIDs up and away from the others currently available by distribution...

yours: 5000001
mine : 100000000


--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rules error.jpg
Type: image/jpeg
Size: 61565 bytes
Desc: rules error.jpg
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170220/f926bc7f/attachment.jpg>


More information about the Snort-users mailing list