Snort mailing list archives

Re: Duplicated rules with the last update


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 19 Apr 2013 10:11:28 -0400

On Apr 19, 2013, at 10:03 AM, C. L. Martinez <carlopmart () gmail com> wrote:

 I updated my snort rules five minutes ago and a lot of messages like these appear:

Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-app-detect.rules(38) GID 1 SID 21488 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-app-detect.rules(56) GID 1 SID 24397 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(8) GID 1 SID 23799 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(10) GID 1 SID 23800 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(12) GID 1 SID 23801 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(14) GID 1 SID 23802 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(16) GID 1 SID 23803 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-botnet-cnc.rules(18) GID 1 SID 23804 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(8) GID 1 SID 16667 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(10) GID 1 SID 16668 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-chrome.rules(20) GID 1 SID 19710 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(14) GID 1 SID 13838 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(16) GID 1 SID 15164 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(20) GID 1 SID 15383 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(24) GID 1 SID 15431 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(26) GID 1 SID 15699 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(32) GID 1 SID 15997 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(34) GID 1 SID 15999 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(56) GID 1 SID 16142 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(60) GID 1 SID 16284 in rule duplicates previous rule. Ignoring old rule.
Apr 19 13:58:32 nsm01 snort[1565]: WARNING: /data/config/etc/idpsnort01/rules/VRT-browser-firefox.rules(68) GID 1 SID 16347 in rule duplicates previous rule. Ignoring old rule.


 I am using pulledpork to update rules …


Looking into it.
