Snort mailing list archives

Re: so_rules are not processed by pulledpork under FreeBSD 9.1


From: "Seth Dunn" <seth () d2ms com>
Date: Thu, 9 May 2013 09:52:59 -0400

One other thing to look at:
        Snort Config File: /data/config/etc/idpsnort01/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /data/config/etc/idpsnort01/so_rules/

And your error shows:
An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-app-detect.rules(0) Unable to open
rules file
"/data/config/etc/idpsnort01/rules/VRT-app-detect.rules": No such file
or directory.

Is there a /rules/ or /so_rules/ folder that PP is working with?

-----Original Message-----
From: C. L. Martinez [mailto:carlopmart () gmail com] 
Sent: Thursday, May 09, 2013 9:26 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] so_rules are not processed by pulledpork under FreeBSD 9.1

On Thu, May 9, 2013 at 1:14 PM, C. L. Martinez <carlopmart () gmail com>
wrote:
Hi all,

 I am trying to manage all snort rules using pulledpork under FreeBSD.
All works ok, except so_rules: they are never processed.

 Pulledpork output:


    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        snort_path = /usr/local/bin/snort
        enablesid =
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        distro = FreeBSD-9-0
        temp_path = /tmp
        version = 0.6.1
        sorule_path = /data/config/etc/idpsnort01/so_rules/
        rule_path = /data/config/etc/idpsnort01/rules/all.rules
        ignore = deleted.rules,experimental.rules,local.rules
        rule_url = ARRAY(0x80258e5a0)
        sid_msg_version = 1
        sid_changelog = /tmp/sid_changes.log
        out_path = /data/config/etc/idpsnort01/rules/
        sid_msg = /data/config/etc/idpsnort01/sid-msg.map
        ips_policy = security
        config_path = /data/config/etc/idpsnort01/snort.conf
MISC (CLI and Autovar) Variable Debug:
        Process flag specified!
        arch Def is: x86-64
        Config Path is:
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        Distro Def is: FreeBSD-9-0
        Keep rulefiles flag is Set
        Keep rulefiles path: /data/config/etc/idpsnort01/rules/
        security policy specified
        No Download Flag is Set
        Rules file is: /data/config/etc/idpsnort01/rules/all.rules
        Path to enablesid file:
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        sid changes will be logged to: /tmp/sid_changes.log
        sid-msg.map Output Path is:
/data/config/etc/idpsnort01/sid-msg.map
        Snort Version is: 2.9.4.6
        Snort Config File: /data/config/etc/idpsnort01/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /data/config/etc/idpsnort01/so_rules/
        Will process SO rules
        Verbose Flag is Set
        Base URL is:
https://www.snort.org/reg-rules/|snortrules-snapshot-2945.tar.gz|69c3a
bc8e00c849390192c3e07666782df49abda
Prepping rules from snortrules-snapshot-2945.tar.gz for work....
        extracting contents of /tmp/snortrules-snapshot-2945.tar.gz...
        Ignoring plaintext rules: deleted.rules
        Ignoring plaintext rules: experimental.rules
        Ignoring plaintext rules: local.rules
        Extracted: /tha_rules/VRT-server-other.rules
        Extracted: /tha_rules/VRT-pua-adware.rules
        Extracted: /tha_rules/VRT-misc.rules
        Extracted: /tha_rules/VRT-malware-backdoor.rules
        Extracted: /tha_rules/VRT-indicator-compromise.rules
        Extracted: /tha_rules/VRT-file-pdf.rules
        Extracted: /tha_rules/VRT-content-replace.rules
        Extracted: /tha_rules/VRT-file-identify.rules
        Extracted: /tha_rules/VRT-browser-webkit.rules
        Extracted: /tha_rules/VRT-specific-threats.rules
        Extracted: /tha_rules/VRT-file-office.rules
        Extracted: /tha_rules/VRT-rpc.rules
        Extracted: /tha_rules/VRT-dns.rules
        Extracted: /tha_rules/VRT-os-other.rules
        Extracted: /tha_rules/VRT-snmp.rules
        Extracted: /tha_rules/VRT-policy-other.rules
        Extracted: /tha_rules/VRT-web-coldfusion.rules
        Extracted: /tha_rules/VRT-protocol-voip.rules
        Extracted: /tha_rules/VRT-file-image.rules
        Extracted: /tha_rules/VRT-chat.rules
        Extracted: /tha_rules/VRT-voip.rules
        Extracted: /tha_rules/VRT-os-solaris.rules
        Extracted: /tha_rules/VRT-pop3.rules
        Extracted: /tha_rules/VRT-server-mssql.rules
        Extracted: /tha_rules/VRT-preprocessor.rules
        Extracted: /tha_rules/VRT-policy-social.rules
        Extracted: /tha_rules/VRT-protocol-ftp.rules
        Extracted: /tha_rules/VRT-server-webapp.rules
        Extracted: /tha_rules/VRT-server-oracle.rules
        Extracted: /tha_rules/VRT-scada.rules
        Extracted: /tha_rules/VRT-other-ids.rules
        Extracted: /tha_rules/VRT-server-apache.rules
        Extracted: /tha_rules/VRT-sql.rules
        Extracted: /tha_rules/VRT-icmp.rules
        Extracted: /tha_rules/VRT-file-multimedia.rules
        Extracted: /tha_rules/VRT-pua-p2p.rules
        Extracted: /tha_rules/VRT-info.rules
        Extracted: /tha_rules/VRT-pua-other.rules
        Extracted: /tha_rules/VRT-server-mail.rules
        Extracted: /tha_rules/VRT-netbios.rules
        Extracted: /tha_rules/VRT-smtp.rules
        Extracted: /tha_rules/VRT-protocol-icmp.rules
        Extracted: /tha_rules/VRT-sensitive-data.rules
        Extracted: /tha_rules/VRT-indicator-shellcode.rules
        Extracted: /tha_rules/VRT-web-iis.rules
        Extracted: /tha_rules/VRT-protocol-finger.rules
        Extracted: /tha_rules/VRT-botnet-cnc.rules
        Extracted: /tha_rules/VRT-pua-toolbars.rules
        Extracted: /tha_rules/VRT-mysql.rules
        Extracted: /tha_rules/VRT-virus.rules
        Extracted: /tha_rules/VRT-protocol-imap.rules
        Extracted: /tha_rules/VRT-malware-cnc.rules
        Extracted: /tha_rules/VRT-web-misc.rules
        Extracted: /tha_rules/VRT-tftp.rules
        Extracted: /tha_rules/VRT-blacklist.rules
        Extracted: /tha_rules/VRT-shellcode.rules
        Extracted: /tha_rules/VRT-spyware-put.rules
        Extracted: /tha_rules/VRT-exploit.rules
        Extracted: /tha_rules/VRT-protocol-services.rules
        Extracted: /tha_rules/VRT-browser-ie.rules
        Extracted: /tha_rules/VRT-os-windows.rules
        Extracted: /tha_rules/VRT-ddos.rules
        Extracted: /tha_rules/VRT-attack-responses.rules
        Extracted: /tha_rules/VRT-browser-firefox.rules
        Extracted: /tha_rules/VRT-browser-chrome.rules
        Extracted: /tha_rules/VRT-telnet.rules
        Extracted: /tha_rules/VRT-browser-other.rules
        Extracted: /tha_rules/VRT-icmp-info.rules
        Extracted: /tha_rules/VRT-os-linux.rules
        Extracted: /tha_rules/VRT-indicator-obfuscation.rules
        Extracted: /tha_rules/VRT-policy-spam.rules
        Extracted: /tha_rules/VRT-malware-tools.rules
        Extracted: /tha_rules/VRT-x11.rules
        Extracted: /tha_rules/VRT-p2p.rules
        Extracted: /tha_rules/VRT-scan.rules
        Extracted: /tha_rules/VRT-ftp.rules
        Extracted: /tha_rules/VRT-malware-other.rules
        Extracted: /tha_rules/VRT-web-php.rules
        Extracted: /tha_rules/VRT-web-activex.rules
        Extracted: /tha_rules/VRT-decoder.rules
        Extracted: /tha_rules/VRT-web-frontpage.rules
        Extracted: /tha_rules/VRT-rservices.rules
        Extracted: /tha_rules/VRT-file-executable.rules
        Extracted: /tha_rules/VRT-file-other.rules
        Extracted: /tha_rules/VRT-backdoor.rules
        Extracted: /tha_rules/VRT-multimedia.rules
        Extracted: /tha_rules/VRT-web-client.rules
        Extracted: /tha_rules/VRT-exploit-kit.rules
        Extracted: /tha_rules/VRT-protocol-pop.rules
        Extracted: /tha_rules/VRT-browser-plugins.rules
        Extracted: /tha_rules/VRT-policy.rules
        Extracted: /tha_rules/VRT-web-attacks.rules
        Extracted: /tha_rules/VRT-imap.rules
        Extracted: /tha_rules/VRT-file-flash.rules
        Extracted: /tha_rules/VRT-nntp.rules
        Extracted: /tha_rules/VRT-dos.rules
        Extracted: /tha_rules/VRT-finger.rules
        Extracted: /tha_rules/VRT-phishing-spam.rules
        Extracted: /tha_rules/VRT-server-mysql.rules
        Extracted: /tha_rules/VRT-oracle.rules
        Extracted: /tha_rules/VRT-server-iis.rules
        Extracted: /tha_rules/VRT-app-detect.rules
        Extracted: /tha_rules/VRT-policy-multimedia.rules
        Extracted: /tha_rules/VRT-pop2.rules
        Extracted: /tha_rules/VRT-bad-traffic.rules
        Extracted: /tha_rules/VRT-web-cgi.rules
        Reading rules...
        Reading rules...
Cleanup....
        removed 108 temporary snort files or directories from
/tmp/tha_rules!
Activating security rulesets....
        Done
Processing /data/config/etc/idpsnort01/pulledpork/enablesid.conf....
        Modified 0 rules
        Done
Setting Flowbit State....
        Enabled 851 flowbits
        Enabled 29 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
Writing rules to unique destination files....
        Writing rules to /data/config/etc/idpsnort01/rules/
        Done
Generating sid-msg.map....
        Done
Writing v1 /data/config/etc/idpsnort01/sid-msg.map....
        Done
Fly Piggy Fly!

And my pulledpork.conf:

#rule_url=http://rules.emergingthreats.net/|emerging.rules.tar.gz|open
#rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community

# Ignored rules
ignore=deleted.rules,experimental.rules,local.rules

# What is our temp path, be sure this path has a bit of space for rule
# extraction and manipulation, no trailing slash
temp_path=/tmp

# What path you want the .rules file containing all of the processed
# rules? (this value has changed as of 0.4.0, previously we copied
# all of the rules, now we are creating a single large rules file
# but still keeping a separate file for your so_rules!
rule_path=/data/config/etc/idpsnort01/rules/all.rules

# Output path for download rules
out_path=/data/config/etc/idpsnort01/rules/

# Location for sid-msg.map file
sid_msg=/data/config/etc/idpsnort01/sid-msg.map

# New for by2 and more advanced msg mapping.  Valid options are 1 or 2
# specify version 2 if you are running barnyard2.2+.  Otherwise use 1
sid_msg_version=1

# Defined path for sid changelog file
sid_changelog=/tmp/sid_changes.log

# What path you want the .so files to actually go to *i.e. where is it
# defined in your snort.conf, needs a trailing slash
sorule_path=/data/config/etc/idpsnort01/so_rules/

# Define your distro, this is for the precompiled shared object libs!
distro=FreeBSD-9-0

# Path to the snort binary, we need this to generate the stub files
snort_path=/usr/local/bin/snort

# We need to know where your snort.conf file lives so that we can
# generate the stub files
config_path=/data/config/etc/idpsnort01/snort.conf

# Define the path to the pid files of any running process that you want to
# HUP after PP has completed its run.
#pid_path=/var/run/snort_em5.pid

# If you are using IP Reputation and getting some public lists, you will probably
# want to tell pulledpork where your blacklist file lives, PP automagically will
# de-dupe any duplicate IPs from different sources.
#black_list=/data/config/etc/idpsnort01/iplists/default.blacklist
#IPRVersion=/data/config/etc/idpsnort01/iplists/

# Define local rules files
#local_rules=/data/config/etc/idpsnort01/rules/apt1.rules


# Here you can specify what rule modification files to run automatically.
# simply uncomment and specify the apt path.
enablesid=/data/config/etc/idpsnort01/pulledpork/enablesid.conf
# dropsid=/usr/local/etc/snort/dropsid.conf
#disablesid=/data/config/etc/idpsnort01/pulledpork/disablesid.conf
# modifysid=/usr/local/etc/snort/modifysid.conf

ips_policy=security



####### Remember, a number of these values are optional.. if you don't
####### need to process so_rules, simply comment out the so_rule section
####### you can also specify -T at runtime to process only GID 1 rules.

version=0.6.1

Uhmm strange... Forcing downloading rules, log output is different:


    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        snort_path = /usr/local/bin/snort
        enablesid =
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        distro = FreeBSD-9-0
        temp_path = /tmp
        version = 0.6.1
        sorule_path = /data/config/etc/idpsnort01/so_rules/
        rule_path = /data/config/etc/idpsnort01/rules/all.rules
        ignore = deleted.rules,experimental.rules,local.rules
        rule_url = ARRAY(0x80258e570)
        sid_msg_version = 1
        sid_changelog = /tmp/sid_changes.log
        out_path = /data/config/etc/idpsnort01/rules/
        sid_msg = /data/config/etc/idpsnort01/sid-msg.map
        ips_policy = security
        config_path = /data/config/etc/idpsnort01/snort.conf
** GET
https://www.snort.org/reg-rules/snortrules-snapshot-2945.tar.gz.md5==>
200 OK (1s)
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2945.tar.gz/
==> 302 Found (2s)
** GET
https://s3.amazonaws.com/snort-org/www/rules/20130409/snortrules-snapsho
t-2945.tar.gz?AWSAccessKeyId=AKIAJ65S5YX6KA26VRJQ&Expires=1368105643&Sig
nature=AG8ZKYqhh3Rq%2FM%2FSqfAW1ef77Hc%3D
==> 200 OK (36s)
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is:
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        Distro Def is: FreeBSD-9-0
        Keep rulefiles flag is Set
        Keep rulefiles path: /data/config/etc/idpsnort01/rules/
        security policy specified
        Rules file is: /data/config/etc/idpsnort01/rules/all.rules
        Path to enablesid file:
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        sid changes will be logged to: /tmp/sid_changes.log
        sid-msg.map Output Path is:
/data/config/etc/idpsnort01/sid-msg.map
        Snort Version is: 2.9.4.6
        Snort Config File: /data/config/etc/idpsnort01/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /data/config/etc/idpsnort01/so_rules/
        Will process SO rules
        Verbose Flag is Set
        Base URL is:
https://www.snort.org/reg-rules/|snortrules-snapshot-2945.tar.gz|69c3abc
8e00c849390192c3e07666782df49abda
Checking latest MD5 for snortrules-snapshot-2945.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2945.tar.gz.md5
        most recent rules file digest: e52a09218f5f8d81789b5b68694b58a7
Rules tarball download of snortrules-snapshot-2945.tar.gz....
        Fetching rules file: snortrules-snapshot-2945.tar.gz
        storing file at: /tmp/snortrules-snapshot-2945.tar.gz

        current local rules file  digest:
e52a09218f5f8d81789b5b68694b58a7
        so I'm not gonna download the rules file again suckas!
Prepping rules from snortrules-snapshot-2945.tar.gz for work....
        extracting contents of /tmp/snortrules-snapshot-2945.tar.gz...
        Ignoring plaintext rules: deleted.rules
        Ignoring plaintext rules: experimental.rules
        Ignoring plaintext rules: local.rules
        Extracted: /tha_rules/VRT-server-other.rules
        Extracted: /tha_rules/VRT-pua-adware.rules
        Extracted: /tha_rules/VRT-misc.rules
        Extracted: /tha_rules/VRT-malware-backdoor.rules
        Extracted: /tha_rules/VRT-indicator-compromise.rules
        Extracted: /tha_rules/VRT-file-pdf.rules
        Extracted: /tha_rules/VRT-content-replace.rules
        Extracted: /tha_rules/VRT-file-identify.rules
        Extracted: /tha_rules/VRT-browser-webkit.rules
        Extracted: /tha_rules/VRT-specific-threats.rules
        Extracted: /tha_rules/VRT-file-office.rules
        Extracted: /tha_rules/VRT-rpc.rules
        Extracted: /tha_rules/VRT-dns.rules
        Extracted: /tha_rules/VRT-os-other.rules
        Extracted: /tha_rules/VRT-snmp.rules
        Extracted: /tha_rules/VRT-policy-other.rules
        Extracted: /tha_rules/VRT-web-coldfusion.rules
        Extracted: /tha_rules/VRT-protocol-voip.rules
        Extracted: /tha_rules/VRT-file-image.rules
        Extracted: /tha_rules/VRT-chat.rules
        Extracted: /tha_rules/VRT-voip.rules
        Extracted: /tha_rules/VRT-os-solaris.rules
        Extracted: /tha_rules/VRT-pop3.rules
        Extracted: /tha_rules/VRT-server-mssql.rules
        Extracted: /tha_rules/VRT-preprocessor.rules
        Extracted: /tha_rules/VRT-policy-social.rules
        Extracted: /tha_rules/VRT-protocol-ftp.rules
        Extracted: /tha_rules/VRT-server-webapp.rules
        Extracted: /tha_rules/VRT-server-oracle.rules
        Extracted: /tha_rules/VRT-scada.rules
        Extracted: /tha_rules/VRT-other-ids.rules
        Extracted: /tha_rules/VRT-server-apache.rules
        Extracted: /tha_rules/VRT-sql.rules
        Extracted: /tha_rules/VRT-icmp.rules
        Extracted: /tha_rules/VRT-file-multimedia.rules
        Extracted: /tha_rules/VRT-pua-p2p.rules
        Extracted: /tha_rules/VRT-info.rules
        Extracted: /tha_rules/VRT-pua-other.rules
        Extracted: /tha_rules/VRT-server-mail.rules
        Extracted: /tha_rules/VRT-netbios.rules
        Extracted: /tha_rules/VRT-smtp.rules
        Extracted: /tha_rules/VRT-protocol-icmp.rules
        Extracted: /tha_rules/VRT-sensitive-data.rules
        Extracted: /tha_rules/VRT-indicator-shellcode.rules
        Extracted: /tha_rules/VRT-web-iis.rules
        Extracted: /tha_rules/VRT-protocol-finger.rules
        Extracted: /tha_rules/VRT-botnet-cnc.rules
        Extracted: /tha_rules/VRT-pua-toolbars.rules
        Extracted: /tha_rules/VRT-mysql.rules
        Extracted: /tha_rules/VRT-virus.rules
        Extracted: /tha_rules/VRT-protocol-imap.rules
        Extracted: /tha_rules/VRT-malware-cnc.rules
        Extracted: /tha_rules/VRT-web-misc.rules
        Extracted: /tha_rules/VRT-tftp.rules
        Extracted: /tha_rules/VRT-blacklist.rules
        Extracted: /tha_rules/VRT-shellcode.rules
        Extracted: /tha_rules/VRT-spyware-put.rules
        Extracted: /tha_rules/VRT-exploit.rules
        Extracted: /tha_rules/VRT-protocol-services.rules
        Extracted: /tha_rules/VRT-browser-ie.rules
        Extracted: /tha_rules/VRT-os-windows.rules
        Extracted: /tha_rules/VRT-ddos.rules
        Extracted: /tha_rules/VRT-attack-responses.rules
        Extracted: /tha_rules/VRT-browser-firefox.rules
        Extracted: /tha_rules/VRT-browser-chrome.rules
        Extracted: /tha_rules/VRT-telnet.rules
        Extracted: /tha_rules/VRT-browser-other.rules
        Extracted: /tha_rules/VRT-icmp-info.rules
        Extracted: /tha_rules/VRT-os-linux.rules
        Extracted: /tha_rules/VRT-indicator-obfuscation.rules
        Extracted: /tha_rules/VRT-policy-spam.rules
        Extracted: /tha_rules/VRT-malware-tools.rules
        Extracted: /tha_rules/VRT-x11.rules
        Extracted: /tha_rules/VRT-p2p.rules
        Extracted: /tha_rules/VRT-scan.rules
        Extracted: /tha_rules/VRT-ftp.rules
        Extracted: /tha_rules/VRT-malware-other.rules
        Extracted: /tha_rules/VRT-web-php.rules
        Extracted: /tha_rules/VRT-web-activex.rules
        Extracted: /tha_rules/VRT-decoder.rules
        Extracted: /tha_rules/VRT-web-frontpage.rules
        Extracted: /tha_rules/VRT-rservices.rules
        Extracted: /tha_rules/VRT-file-executable.rules
        Extracted: /tha_rules/VRT-file-other.rules
        Extracted: /tha_rules/VRT-backdoor.rules
        Extracted: /tha_rules/VRT-multimedia.rules
        Extracted: /tha_rules/VRT-web-client.rules
        Extracted: /tha_rules/VRT-exploit-kit.rules
        Extracted: /tha_rules/VRT-protocol-pop.rules
        Extracted: /tha_rules/VRT-browser-plugins.rules
        Extracted: /tha_rules/VRT-policy.rules
        Extracted: /tha_rules/VRT-web-attacks.rules
        Extracted: /tha_rules/VRT-imap.rules
        Extracted: /tha_rules/VRT-file-flash.rules
        Extracted: /tha_rules/VRT-nntp.rules
        Extracted: /tha_rules/VRT-dos.rules
        Extracted: /tha_rules/VRT-finger.rules
        Extracted: /tha_rules/VRT-phishing-spam.rules
        Extracted: /tha_rules/VRT-server-mysql.rules
        Extracted: /tha_rules/VRT-oracle.rules
        Extracted: /tha_rules/VRT-server-iis.rules
        Extracted: /tha_rules/VRT-app-detect.rules
        Extracted: /tha_rules/VRT-policy-multimedia.rules
        Extracted: /tha_rules/VRT-pop2.rules
        Extracted: /tha_rules/VRT-bad-traffic.rules
        Extracted: /tha_rules/VRT-web-cgi.rules
        Reading rules...
Generating Stub Rules....
        Generating shared object stubs via:/usr/local/bin/snort -c
/data/config/etc/idpsnort01/snort.conf
--dump-dynamic-rules=/tmp/tha_rules/so_rules/
        An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-app-detect.rules(0) Unable to open
rules file
"/data/config/etc/idpsnort01/rules/VRT-app-detect.rules": No such file
or directory.
        An error occurred: Fatal Error, Quitting..

        Done
        Reading rules...
        Reading rules...
Cleanup....
        removed 108 temporary snort files or directories from
/tmp/tha_rules!
Activating security rulesets....
        Done
Processing /data/config/etc/idpsnort01/pulledpork/enablesid.conf....
        Modified 0 rules
        Done
Setting Flowbit State....
        Enabled 851 flowbits
        Enabled 29 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
Writing rules to unique destination files....
        Writing rules to /data/config/etc/idpsnort01/rules/
        Done
Generating sid-msg.map....
        Done
Writing v1 /data/config/etc/idpsnort01/sid-msg.map....
        Done
Fly Piggy Fly!

------------------------------------------------------------------------
------
Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is
the definitive new guide to graph databases and their applications. This
200-page book is written by three acclaimed leaders in the field. The
early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
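
The stub-generation step in the log above starts Snort with `-c snort.conf`, and Snort aborts as soon as one included rules file is missing. The following pre-flight check is an added example, not part of the original thread or of PulledPork: it lists every file a snort.conf includes that is absent from disk. It assumes the config uses plain `var NAME value` and `include path` directives and that relative paths resolve against the directory of snort.conf; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# list_includes CONF: print the resolved path of every "include" in CONF.
list_includes() {
    conf=$1
    awk -v dir="$(dirname "$conf")" '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        $1 == "var" && NF >= 3 { vars[$2] = $3; next }
        $1 == "include" && NF >= 2 {
            path = $2
            # Expand $NAME references from earlier "var" lines (nested
            # references allowed, capped to avoid looping on self-reference).
            for (i = 0; i < 10 && match(path, /\$[A-Za-z_][A-Za-z0-9_]*/); i++) {
                name = substr(path, RSTART + 1, RLENGTH - 1)
                if (!(name in vars)) break        # unknown variable: leave as-is
                path = substr(path, 1, RSTART - 1) vars[name] \
                       substr(path, RSTART + RLENGTH)
            }
            # Assumption: relative paths are relative to the config directory.
            if (path !~ /^\//) path = dir "/" path
            print path
        }
    ' "$conf"
}

# missing_includes CONF: print only the included files that do not exist.
missing_includes() {
    list_includes "$1" | while IFS= read -r f; do
        [ -f "$f" ] || printf '%s\n' "$f"
    done
}

# Constructed sample: a snort.conf that includes one rules file that exists
# and one per-category file that has not been written yet.
make_sample() {
    d=$1
    mkdir -p "$d/etc" "$d/rules"
    : > "$d/rules/all.rules"
    cat > "$d/etc/snort.conf" <<'EOF'
var RULE_PATH ../rules
# include $RULE_PATH/local.rules
include $RULE_PATH/all.rules
include $RULE_PATH/VRT-app-detect.rules
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "Missing includes:"
missing_includes "$tmp/etc/snort.conf"
rm -rf "$tmp"
```

Run against the real config before a PulledPork run, an empty result means Snort can at least open every file it is told to include.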
