Snort mailing list archives
Re: Error when dumping so_rules with custom path using snort 2.9.7.0
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 03 Nov 2014 14:45:06 -0500
On 11/3/2014 11:38 AM, Sec_Aficionado wrote:
OK, I solved the problem. My snort.conf file had a line in section 9 (SO rules) saying this: *include $SO_RULE_PATH/so_rules.rules* This file (so_rules.rules) did not exist, however, because I was dumping the rules for the first time in this machine. That caused the problem. I issued the command: *touch so_rules.rules* in that directory and then snort was able to dump the rules without a problem.
excellent! glad that you found the problem... IIRC, on the system we have, we had something similar and adjusted our steps so that the entry for that file wasn't done until after we had dumped the stubs... that was several years ago, though, so my memory of that is a little foggy... using the shared object rules has always been problematic in our environment due to them needing to be compiled and we don't offer those or system updates every time the rules are updated or changed... especially since our environment is a stripped system to provide an extremely small attack surface and thus no compiler is available on live systems... only dev systems have that luxury ;) -- NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Error when dumping so_rules with custom path using snort 2.9.7.0 Sec_Aficionado (Oct 31)
- Re: Error when dumping so_rules with custom path using snort 2.9.7.0 waldo kitty (Nov 01)
- Re: Error when dumping so_rules with custom path using snort 2.9.7.0 Sec_Aficionado (Nov 03)
- Re: Error when dumping so_rules with custom path using snort 2.9.7.0 waldo kitty (Nov 03)
- Re: Error when dumping so_rules with custom path using snort 2.9.7.0 Sec_Aficionado (Nov 03)
- Re: Error when dumping so_rules with custom path using snort 2.9.7.0 waldo kitty (Nov 01)