In version 2.x 3/31/05 the local.rules sids used to start
at 1000001 and I have 1000001-100 (that was lucky!)
After installing the COMMUNITY rules the local.rules
sids jumped to 100000134 and so on. I have just noticed
this clash. I also have BLEEDING rules with their
sequence and my own bogon.rules which start at
900000.
Now that I have got to local.rules sid 100000151 the sort
sequence seems to have gone wrong, as when doing
Resources > Rules > View Rule > Local Rules the
recent rules, e.g. 100000151-153, are displayed on the first
page [1 - 25] of that group of 115 rules; they should be
on the last page.
It seems that the time has come to re-load and re-number
the local.rules, but how can I and others control
the sequencing of new rules to avoid duplicate sids and
show them in sequence?
regards,
Brian.
PS New version is brilliant.
Logged In: YES
user_id=1105077
Yea, you are not the only one with this grief, I've had to re-sid any
community rules I wanted to use for the time being. There is a
collaboration being created between the groups to deal with sids, but it's
proven to be slowwww moving (OSSRC), there should be a link
somewhere on the snort website.
This issue is being addressed, we've both been kinda swamped lately,
the community re-siding was kind of unexpected, I was waiting to see
what some of the OSSRC had to say about it before we made any
"concrete" changes....
...keep watching, I'm gonna try to help post an update soon...
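
Added example, not part of the thread above and not code from the project: one way to audit sids across several rule files before loading them, reporting clashes and picking the next unused local sid. The function names, the sample rules and the 1000001-1999999 local block are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the sid option in a rule's option list, e.g. "sid:1000001;"
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def collect_sids(rule_files):
    """Map each sid (as int) to the (file, line number) places it appears."""
    seen = defaultdict(list)
    for name, text in rule_files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            # Commented-out rules are scanned too: a disabled rule still
            # owns its sid and should not have it handed to a new rule.
            m = SID_RE.search(line)
            if m:
                seen[int(m.group(1))].append((name, lineno))
    return seen

def duplicates(seen):
    """Return {sid: locations} for sids defined more than once, in numeric order."""
    return {sid: locs for sid, locs in sorted(seen.items()) if len(locs) > 1}

def next_free_sid(seen, start, end):
    """Lowest unused sid in [start, end], or None if the block is full."""
    return next((s for s in range(start, end + 1) if s not in seen), None)

# Constructed sample rule sets (not taken from any real rule file).
SAMPLE = {
    "local.rules": (
        'alert tcp any any -> any 80 (msg:"local test A"; sid:1000001; rev:1;)\n'
        '# alert tcp any any -> any 81 (msg:"disabled"; sid:1000002; rev:1;)\n'
        'alert tcp any any -> any 82 (msg:"local test B"; sid:100000151; rev:1;)\n'
    ),
    "community.rules":
        'alert tcp any any -> any 25 (msg:"community test"; sid:100000151; rev:2;)\n',
    "bogon.rules":
        'alert ip 10.0.0.0/8 any -> any any (msg:"bogon test"; sid:900000; rev:1;)\n',
}

if __name__ == "__main__":
    seen = collect_sids(SAMPLE)
    # Sort as integers, not as text, so the listing follows numeric sequence.
    print("sids in numeric order:", sorted(seen))
    for sid, locs in duplicates(seen).items():
        print(f"duplicate sid {sid}: {locs}")
    # Assumed local block; adjust to whatever range the site reserves.
    print("next free local sid:", next_free_sid(seen, 1000001, 1999999))
```
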