On Wed, 2007-07-04 at 09:17 +0200, Jeffrey Denton wrote:
On 7/3/07, Ryan Hudson <ryan@mydingo.net.au> wrote:
Do you mean put that in snort.conf? Because when i tried that it just
thought you were reading the same rules files multiple times and failed as
the same pid's were being used multiple times. And the http_ports variable
was over-written 3 times.
Yeap, the SIDs will cause problems. Barnyard and Oinkmaster wouldn't
play nice either. One possible solution is to create separate rules
files for each port. This looks ugly...
Really? Never had a problem with that. Just created a small test file
with a duplicate rule, but changed ports. Snort reads both rules without
a complaint.
What version of Snort are you using that causes that error? Or is the
error caused by some third party app?
Regards,
Frank
--
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
signature.asc
Description: This is a digitally signed message part
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
