Snort mailing list archives

Re: Duplicate rules & rule parser

From: Joel Esler <jesler () sourcefire com>
Date: Sat, 26 Oct 2013 09:33:19 -0400

Ignore the warnings is the solution. As you said this is by design. Community ruleset has the potential to be more up 
to date than the subscriber set, as it's published daily.  


--
Joel Esler
Sent from my iPad

On Oct 26, 2013, at 9:14 AM, Eric G <eric () nixwizard net> wrote:

On Oct 26, 2013 3:42 AM, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:


Hi,

 

Still waiting for some solution on my issue.


Anshuman two people chimed in with explanations (one of whom actually works for Sourcefire)... this behavior is by 
design. Snort will automatically use the rule with the higher revision but throe a warning.

Comment out the community rule set or ignore the warnings... that's the solution.

--
Eric
http://www.linkedin.com/in/ericgearhart
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Duplicate rules & rule parser, (continued)
- - Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
    - Re: Duplicate rules & rule parser Peter Bates (Oct 22)
  - Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
    - Re: Duplicate rules & rule parser JJ Cummings (Oct 23)
    - Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
    - Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 24)
    - Re: Duplicate rules & rule parser Joel Esler (Oct 25)
    - Re: Duplicate rules & rule parser JJC (Oct 25)
    - Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 26)
    - Re: Duplicate rules & rule parser Eric G (Oct 26)
    - Re: Duplicate rules & rule parser Joel Esler (Oct 26)
    - Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 27)
    - Re: Duplicate rules & rule parser Peter Bates (Oct 24)