[Snort-users] Snort-users Digest, Vol 132, Issue 23
Joel Esler (jesler)
jesler at ...589...
Sun May 21 15:14:49 EDT 2017
Wow. If you are using a ruleset that uses chat.rules and community-sql, you really need to update. We haven't published "community-sql" in over 10 years. I moved everything out of chat.rules about 4 years ago.
Sent from my iPhone
> On May 21, 2017, at 15:06, rmkml <rmkml at ...17498...> wrote:
> First warning is only for information, use old sig format:
> WARNING: /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.
> Second warning indicate duplicate sig on same file or same directory...:
> WARNING: /etc/snort/rules/community-sql-injection.rules(6) GID 1 SID 100000106 in rule duplicates previous rule. Ignoring old rule.
> For example, start with "grep -r 100000106 /etc/snort/rules/" and check output...
More information about the Snort-users