Snort mailing list archives
Re: Interesting observation with with so rules
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 11 Oct 2013 10:05:45 -0600
On 2013-10-11 09:33, James Lay wrote:
On 2013-10-11 09:28, Y M wrote:
Hi James

Which version of pulledpork are you using?

Sent from Phone

Latest...0.7.0, however this happens when I try it manually, as per:

http://www.snort.org/snort-rules/shared-object-rules

But ultimately the goal is to have pp do it all..but I get the same error attempting to use pp, so eh..I think I need to at least be able to do it manually successfully first ;) I have no idea why it's prepending the CONF_PATH with the SORULE_PATH..makes no sense :(

Thanks YM.

James
Yea so I got this to go manually...but PP doesn't create the rulefile, so off to the PP group :)

Generating Stub Rules....
Generating shared object stubs via:/opt/bin/snort -c /opt/etc/snort/sid-msgmap.conf --dump-dynamic-rules=/tmp/tha_rules/so_rules/
Dumping dynamic rules...
Dumping dynamic rules for Library web-activex 1.0.1
Dumping dynamic rules for Library nntp 1.0.1
Dumping dynamic rules for Library imap 1.0.1
Dumping dynamic rules for Library web-iis 1.0.1
Dumping dynamic rules for Library smtp 1.0.1
Dumping dynamic rules for Library bad-traffic 1.0.1
Dumping dynamic rules for Library misc 1.0.1
Dumping dynamic rules for Library netbios 1.0.1
Dumping dynamic rules for Library exploit 1.0.1
Dumping dynamic rules for Library web-misc 1.0.1
Dumping dynamic rules for Library snmp 1.0.1
Dumping dynamic rules for Library p2p 1.0.1
Dumping dynamic rules for Library chat 1.0.1
Dumping dynamic rules for Library multimedia 1.0.1
Dumping dynamic rules for Library specific-threats 1.0.1
Dumping dynamic rules for Library icmp 1.0.1
Dumping dynamic rules for Library web-client 1.0.1
Dumping dynamic rules for Library dos 1.0.1
Finished dumping dynamic rules.
Done

[09:59:19 goids:~/snort/so_rules$ ls -l
total 0
-rw-r--r-- 1 root root 0 Oct 11 09:56 so_rules.rules

Thanks YM.

James
/opt/bin/snort -c /opt/etc/snort/sid-msgmap.conf --dump-dynamic-rules=/opt/etc/snort/so_rules/
Running in Rule Dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/opt/etc/snort/sid-msgmap.conf"
ERROR: /opt/etc/snort//opt/etc/snort/so_rules/bad-traffic.rules(0) Unable to open rules file "/opt/etc/snort//opt/etc/snort/so_rules/bad-traffic.rules": No such file or directory.
Fatal Error, Quitting..

If I comment it out, everything works....is there something I'm totally missing? Thanks for the assist all...setting up a new machine and this has me stumped.