[Snort-users] Snort-users Digest, Vol 132, Issue 23

Joel Esler (jesler) jesler at ...589...
Sun May 21 15:14:49 EDT 2017

Wow.  If you are using a ruleset that uses chat.rules and community-sql, you really need to update.  We haven't published "community-sql" in over 10 years.  I moved everything out of chat.rules about 4 years ago.  


Sent from my iPhone

> On May 21, 2017, at 15:06, rmkml <rmkml at ...17498...> wrote:
> First warning is only for information, use old sig format:
> WARNING: /etc/snort/rules/chat.rules(33) threshold (in rule) is deprecated; use detection_filter instead.
> Second warning indicate duplicate sig on same file or same directory...:
> WARNING: /etc/snort/rules/community-sql-injection.rules(6) GID 1 SID 100000106 in rule duplicates previous rule. Ignoring old rule.
> For example, start with "grep -r 100000106 /etc/snort/rules/" and check output...

More information about the Snort-users mailing list