> > I would say that sa-compile is the preferred method due to its > performance benefits. There aren't many (any?) drawbacks to using it. > > That said, I still cannot get it to work on my system. Everything works > fine with the standard rulesets, but as soon as I enable the compiled > rules, I start getting lots of errors in the logs about duplicated > rules. Nobody had any suggestions for me when I posted this problem, so > apparently it's not affecting a lot of people, but keep an eye on your > logs after enabling it. > > Other than that, just keep in mind that you will need to add the > sa-compile command to your update scripts. sa-update will not compile > the updated rules for you. > > -- > Bowie
Bowie What opsys and version are you using? If you have some of the error messages, can you re-post? I tried to google your name with several parameters to bring up the old posts regarding your situation, yet didn't locate it. Thanks! - rh
