Robert - elists wrote: > > I would say that sa-compile is the preferred method due to its > > performance benefits. There aren't many (any?) drawbacks to using > > it. > > > > That said, I still cannot get it to work on my system. Everything > > works fine with the standard rulesets, but as soon as I enable the > > compiled rules, I start getting lots of errors in the logs about > > duplicated rules. Nobody had any suggestions for me when I posted > > this problem, so apparently it's not affecting a lot of people, but > > keep an eye on your logs after enabling it. > > > > Other than that, just keep in mind that you will need to add the > > sa-compile command to your update scripts. sa-update will not > > compile the updated rules for you. > > Bowie > > What opsys and version are you using? > > If you have some of the error messages, can you re-post? > > I tried to google your name with several parameters to bring up the > old posts regarding your situation, yet didn't locate it.
I'm running CentOS 4.6 with SA 3.2.4. I just tried it to get a sample of the errors and it seems to be working fine now. I know I tried using sa-compile fairly recently (I think it was with 3.2.4) and still got the problem. I did run a major update to the OS a day or two ago, so maybe that fixed something. The original thread was on 8/7/2007 with the subject "Error after compiling rules". -- Bowie
