Snort mailing list archives
Dynamic rules not read
From: xinland66 () gmail com
Date: Wed, 14 Oct 2015 16:49:38 -0400
I have configured to use pulledpork to download the rules. But it seems the dynamic rules are not used. Can somebody help to let me know what I missed?

Here is snort output:

+-----------------------[rate-filter-rules]------------------------------------
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1>
Parsing Rules file "/etc/snort/snort.conf"
Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-pdf.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/indicator-shellcode.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-windows.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-flash.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-image.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-oracle.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-iis.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-other.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit-kit.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-nntp.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/pua-p2p.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-other.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-other.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-tftp.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-cnc.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-other.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-multimedia.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/policy-social.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-apache.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-snmp.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-ie.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mysql.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-dns.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-linux.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-voip.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-office.so...
Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-other.so...
Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules
Processing blacklist file /etc/snort/rules.blacklist
8302 Snort rules read
    8152 detection rules
    150 decoder rules
    0 preprocessor rules
    0 Dynamic rules

Here is my snort.conf:

# Step #4: Configure dynamic loaded libraries.
# For more information, see Snort Manual, Configuring Snort - Dynamic Modules
###################################################

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

# path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules

include $RULE_PATH/VRT-SO-browser-ie.rules
include $RULE_PATH/VRT-SO-browser-other.rules
include $RULE_PATH/VRT-SO-exploit-kit.rules
include $RULE_PATH/VRT-SO-file-flash.rules
include $RULE_PATH/VRT-SO-file-image.rules
include $RULE_PATH/VRT-SO-file-java.rules
include $RULE_PATH/VRT-SO-file-multimedia.rules
include $RULE_PATH/VRT-SO-file-office.rules
include $RULE_PATH/VRT-SO-file-other.rules
include $RULE_PATH/VRT-SO-file-pdf.rules
include $RULE_PATH/VRT-SO-indicator-shellcode.rules
include $RULE_PATH/VRT-SO-malware-cnc.rules
include $RULE_PATH/VRT-SO-malware-other.rules
include $RULE_PATH/VRT-SO-netbios.rules
include $RULE_PATH/VRT-SO-os-linux.rules
include $RULE_PATH/VRT-SO-os-other.rules
include $RULE_PATH/VRT-SO-os-windows.rules
include $RULE_PATH/VRT-SO-policy-social.rules
include $RULE_PATH/VRT-SO-protocol-dns.rules
include $RULE_PATH/VRT-SO-protocol-nntp.rules
include $RULE_PATH/VRT-SO-protocol-other.rules
include $RULE_PATH/VRT-SO-protocol-snmp.rules
include $RULE_PATH/VRT-SO-protocol-tftp.rules
include $RULE_PATH/VRT-SO-protocol-voip.rules
include $RULE_PATH/VRT-SO-pua-p2p.rules
include $RULE_PATH/VRT-SO-server-apache.rules
include $RULE_PATH/VRT-SO-server-iis.rules
include $RULE_PATH/VRT-SO-server-mail.rules
include $RULE_PATH/VRT-SO-server-mysql.rules
include $RULE_PATH/VRT-SO-server-oracle.rules
include $RULE_PATH/VRT-SO-server-other.rules
include $RULE_PATH/VRT-SO-server-webapp.rules

Thanks,
KL