Robert - elists wrote:
> > I would say that sa-compile is the preferred method due to its
> > performance benefits. There aren't many (any?) drawbacks to using
> > it.
> >
> > That said, I still cannot get it to work on my system. Everything
> > works fine with the standard rulesets, but as soon as I enable the
> > compiled rules, I start getting lots of errors in the logs about
> > duplicated rules. Nobody had any suggestions for me when I posted
> > this problem, so apparently it's not affecting a lot of people, but
> > keep an eye on your logs after enabling it.
> >
> > Other than that, just keep in mind that you will need to add the
> > sa-compile command to your update scripts. sa-update will not
> > compile the updated rules for you.

>
> Bowie
>
> What opsys and version are you using?
>
> If you have some of the error messages, can you re-post?
>
> I tried to google your name with several parameters to bring up the
> old posts regarding your situation, yet didn't locate it.


I'm running CentOS 4.6 with SA 3.2.4.

I just tried it to get a sample of the errors and it seems to be working
fine now. I know I tried using sa-compile fairly recently (I think it
was with 3.2.4) and still got the problem. I did run a major update to
the OS a day or two ago, so maybe that fixed something.

The original thread was on 8/7/2007 with the subject "Error after
compiling rules".

--
Bowie