Snort mailing list archives
Re: I'm getting close, I smell more bacon
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 14 Sep 2012 11:10:18 -0400
JJ, can you help out here?

On Sep 14, 2012, at 3:34 AM, PR <oly562 () gmail com> wrote:

ok, i commented out ET rules. bah, i will deal with that later.

1. i ran

    ./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort -C /etc/snort.conf -i /etc/snort/disablesid.conf -b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf -M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf -c /etc/snort/pulledpork.conf -o /etc/snort/rules/

2. I got:

    Use of uninitialized value $arch in regexp compilation at ./pulledpork.pl line 271.
    Done!
    Reading rules...
    Generating Stub Rules....
    Something failed in the gen_stubs sub, please verify your shared object config!
    Done
    Reading rules...
    Reading rules...
    Processing /etc/snort/enablesid.conf....
    Modified 0 rules
    Done
    Processing /etc/snort/dropsid.conf....
    Modified 0 rules
    Done
    Processing /etc/snort/disablesid.conf....
    Modified 0 rules
    Done
    Modifying Sids....
    Done!
    Setting Flowbit State....
    Enabled 11 flowbits
    Enabled 1 flowbits
    Done
    Writing /etc/snort/rules....
    Unable to write /etc/snort/rules - Is a directory at ./pulledpork.pl line 1083.
    main::rule_write('HASH(0x8f682ac)', '/etc/snort/rules', 1, undef) called at ./pulledpork.pl line 1870

3. also, do i need to define all that stuff in cmdline, couldn't i just uncomment the /etc/snort/disablesid.confs in pulledpork.conf? just wondering.

Thanks!!! any input is really appreciated. i'm learning more and more every day. Pretty soon i will be asking about rule creation lol