Currently when suricata-update encounters a rule with duplicate SIDs,
it silently uses the one with the higher revision without logging the
warnings.
On duplicate SID, warnings are logged for equal as well as different
revisions.
if rule.id not in rulemap:
rulemap[rule.id] = rule
else:
+ if rule["rev"] == rulemap[rule.id]["rev"]:
+ logger.warning(
+ "Found duplicate rule SID {} with same revision, "
+ "keeping the first rule seen.".format(rule.sid))
if rule["rev"] > rulemap[rule.id]["rev"]:
+ logger.warning(
+ "Found duplicate rule SID {}, "
+ "keeping the rule with greater revision.".format(rule.sid))
rulemap[rule.id] = rule
return rulemap
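Review bot: a duplicate whose revision is lower than the one already in rulemap still produces no warning. The new equality check and the existing `if rule["rev"] > rulemap[rule.id]["rev"]:` cover only the equal and greater cases, so the lower-revision rule is dropped silently. That does not match the commit message's "equal as well as different revisions". Consider making the two checks an if/elif/else chain and logging in the else branch that the already-seen rule with the greater revision is kept. Separately, the lookup is keyed on rule.id while both messages print rule.sid; logging the same key used for the lookup would make it clear which entry collided.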