Snort mailing list archives
Re: Snort SO Compiler
From: Patrick Mullen <pmullen () sourcefire com>
Date: Tue, 17 Nov 2015 20:58:34 -0600
The SO generator is an entirely different topic and won't help you here. Patrick On Nov 17, 2015 6:01 PM, "Rob Weiss" <rob.weiss () g2-inc com> wrote:
We could not seem to get that to work today. No matter what rule we put in, it told us that the rule was not valid. However, I'd be pleased to look at the code, if it is open source. On Tue, Nov 17, 2015 at 3:04 PM, Y M <snort () outlook com> wrote:Is the Shared Object Rule Generator at <https://labs.snort.org/cgi-bin/sorules> <https://labs.snort.org/cgi-bin/sorules.cgi> <https://labs.snort.org/cgi-bin/sorules.cgi>https://labs.snort.org/cgi- <https://labs.snort.org/cgi-bin/sorules.cgi>bin/sorules <https://labs.snort.org/cgi-bin/sorules.cgi> <https://labs.snort.org/cgi-bin/sorules.cgi> <https://labs.snort.org/cgi-bin/sorules.cgi>.cgi <https://labs.snort.org/cgi-bin/sorules.cgi> still a valid option? _____________________________ From: Patrick Mullen <pmullen () sourcefire com> Sent: Tuesday, November 17, 2015 10:52 PM Subject: Re: [Snort-sigs] Snort SO Compiler To: Rob Weiss <rob.weiss () g2-inc com> Cc: Snort Sigs <snort-sigs () lists sourceforge net> Shared Object rules have their own makefile. Build snort and save the resultant directory tree. Update the SO Makefile to point to that directory and set the proper version and make should work fine. The build process will automatically dump the stub rules files in the same directory as your build. Those are the files to copy to be loaded by snort somewhere and the shared object files need to be placed in the directory specified in your snort.conf. Thanks, Patrick We are looking at how to compile the rules into SOs to distribute them to our snort instances. The docs are hard to follow and it seems like whatever process that is available is not working for us at the moment. Is there a concise guide? Does snort, itself, dump the rules into SOs? Or does it only dump the SOs that were initially loaded into snort? Hope this is not too confusing. Thanks, Rob. ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler wkitty42 (Nov 17)
- Re: Snort SO Compiler Y M (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Y M (Nov 17)
- Re: Snort SO Compiler Joel Esler (jesler) (Nov 17)
- Re: Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler wkitty42 (Nov 17)