Snort mailing list archives
Re: Clarification on so_rules
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 09 Aug 2013 10:32:05 -0600
On 2013-08-09 10:21, Y M wrote:
Hi James, I will take a shot explaining what I understand, if I get it wrong, someone please correct me. PulledPork should copy the .so rules from the distro/precompiled directory based on the distro variable you setup in your pulledpork.conf. If you use -T in your pulledpork command, it will process only text based rules.
Thanks YM...here's what I have in pp.conf: sorule_path=/opt/lib/snort_dynamicrules/ snort_path=/opt/bin/snort config_path=/opt/etc/snort/intsnort.conf sostub_path=/opt/etc/snort/rules/so_rules/so_rules.rules distro=Ubuntu-12-04 As Joel said, it looks like this is doing what it's supposed to do...the actual .so rules don't seem to be present however...I'm assuming they are supposed to be in /opt/lib/snort_dynamicrules/ yes? James ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Clarification on so_rules James Lay (Aug 09)
- Re: Clarification on so_rules Joel Esler (Aug 09)
- Re: Clarification on so_rules James Lay (Aug 09)
- Re: Clarification on so_rules waldo kitty (Aug 09)
- <Possible follow-ups>
- Re: Clarification on so_rules Y M (Aug 09)
- Re: Clarification on so_rules James Lay (Aug 09)
- Re: Clarification on so_rules Joel Esler (Aug 09)