Snort mailing list archives
SO rules and pulledpork
From: Fred Maillou <frederriffic () yahoo ca>
Date: Fri, 21 Feb 2014 08:23:44 -0800 (PST)
So far I understand that SO rules should have a .rules counterpart to enable/disable them. Is that right? *If* that's the case, I do not get the corresponding .rules files to the .so files. This is using pulledpork 0.7.0 and the 2955 version of the rules snapshot.

Since there's a big *if* here, I'll make the description short. The error from pp is:

    An error occurred: ERROR: [...]/tmp/etc/snort/rules/local.rules(0) Unable to open rules file "[...]/tmp/etc/snort/rules/local.rules": No such file or directory.
    An error occurred: Fatal Error, Quitting..

/tmp/ is the temp_path. The 2955 archived snapshot is in there also. So I presume that the local.rules file that pp does not find should be included in the 2955 snapshot from snort.org.

pp is called, apart from the config file, with the following: '-n -P -k -D Debian-6-0' and works from an already downloaded 2995 archive and md5 file in its temp_path.

Apart from this puzzlement, lots of rules get written in the out_path, and possibly all .so files get created/moved at the right location defined by sorule_path.

At this stage there are two questions basically:

1) Should each SO .so file have a corresponding .rules file?
2) Why does pp expect to find a local.rules file at that location? There is no local_rules defined in pp's config.

I'd like to sort this out: any help will be greatly appreciated - thanks.