Re: dynamic (so) rules

["Nerijus Krukauskas" <nkrukauskas () gmail com>]

On 02/07/2008, chris ryan <chris.ryan () gmx de> wrote:
> Nerijus Krukauskas schrieb:
> > On 02/07/2008, chris ryan <chris.ryan () gmx de> wrote:
> > > The rules in the tarball are about 75, after compiling and stub'ing 'em,
> > > there are only 22 left. I just wanted to know on what exactly that
> > > resulting number depends (platform-, systemspecific?). The precompiled
> > > librariers are crashing, so switching to them and all the 75 rules is no
> > > option.
> >
> >   I've got 71. Can you explain the '22' thing? I'm not getting idea of
> > your counting...
>
> The unchanged *.rules in the snortrules-snapshot-current tarball:
> (i guess these are to be used with the precompiled libraries)
>
> /etc/snort/rules/src/so_rules# cat *.rules | grep -v skeleton | wc -l
> 75
>
>
> After the make, witch generates the librariers and stub rule files in
> ./src, i've only 22 rules in the usable stub files:
>
> /etc/snort/rules/src/so_rules# cat ./src/*.rules | grep -v skeleton | wc -l
> 22
>
> So, i think can only use a subset of 22 rules out of 75...

  Well then, I can't help much as I use precompiled rules and snort
loads all of them. Except a few (in the range of 3-5), which I
disabled, because of no interest.

-- 
http://nk99.org/

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users