Snort mailing list archives

Snort not loading dynamic rules?


From: "Andy Berryman" <aberryman () Cymtec com>
Date: Wed, 10 Feb 2010 14:46:19 -0600

I thought I read somewhere that when it says it loaded 0 dynamic rules, it really didn't mean anything. I'm just trying to double-check myself to make sure it wasn't a dream.

When I start snort and tail syslog I get this:

0998]: Initializing rule chains...

Feb 10 19:11:49 (none) snort[20998]: 6154 Snort rules read

Feb 10 19:11:49 (none) snort[20998]:     5912 detection rules

Feb 10 19:11:49 (none) snort[20998]:     65 decoder rules

Feb 10 19:11:49 (none) snort[20998]:     177 preprocessor rules

Feb 10 19:11:49 (none) snort[20998]: 6154 Option Chains linked into 624 Chain Headers

Feb 10 19:11:49 (none) snort[20998]: 0 Dynamic rules
I have my so.rules in my snort.conf:

dynamicdetection directory /snort_lib/snort_dynamicrules

dynamicpreprocessor directory /snort_lib/snort_dynamicpreprocessor

dynamicengine directory /snort_lib/snort_dynamicengine
var RULE_PATH /snort/conf
include $RULE_PATH/so.rules

include $RULE_PATH/preprocessor.rules

include $RULE_PATH/decoder.rules
I dump all the dynamic rules from snort_dynamicrules to the so_rules, then I go into each of the directories it creates and copy the rules into a single so.rules file. I do this so I have a somewhat clean snort.conf file.

Is it a problem that I have all the so_rules in a single so.rules file?
Or do they need to be like this:

include $SORULE_PATH/bad-traffic.rules

include $SORULE_PATH/chat.rules

include $SORULE_PATH/dos.rules

include $SORULE_PATH/exploit.rules

include $SORULE_PATH/imap.rules

include $SORULE_PATH/misc.rules

include $SORULE_PATH/multimedia.rules

include $SORULE_PATH/netbios.rules

include $SORULE_PATH/nntp.rules

include $SORULE_PATH/p2p.rules

include $SORULE_PATH/smtp.rules

include $SORULE_PATH/sql.rules

include $SORULE_PATH/web-client.rules

include $SORULE_PATH/web-misc.rules


Thanks,

Andy Berryman
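
One way to sanity-check the symptom described in this post, as an added example that is not part of the original thread: a POSIX shell check that parses the rule counts Snort writes to syslog at startup and compares them with the SO rule stubs in the included so.rules file. The log lines and stub file are constructed samples, and the assumption that SO stubs carry `gid:3;` (plain text rules carry no gid option) is mine, not something stated in the post.

```sh
#!/bin/sh
# Added example (not from the thread): cross-check Snort's startup rule counts
# against the SO rule stubs included from so.rules.

# Constructed sample of the syslog lines Snort prints at startup.
SAMPLE_LOG='Feb 10 19:11:49 (none) snort[20998]: 6154 Snort rules read
Feb 10 19:11:49 (none) snort[20998]:     5912 detection rules
Feb 10 19:11:49 (none) snort[20998]: 0 Dynamic rules'

# Constructed so.rules contents. Assumption: SO rule stubs carry "gid:3;"
# while plain text rules have no gid option.
SAMPLE_SO_RULES='# constructed stub file
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP stub"; sid:1000001; gid:3; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"SMTP stub"; sid:1000002; gid:3; rev:1;)
alert tcp any any -> any any (msg:"plain text rule"; sid:1000003; rev:1;)'

# Print the N from Snort's "N Dynamic rules" line (empty if the line is absent).
dynamic_rule_count() {
    printf '%s\n' "$1" | sed -n 's/.*: *\([0-9][0-9]*\) Dynamic rules.*/\1/p'
}

# Count non-comment rule lines carrying gid:3 (SO stubs) in a rules file body.
so_stub_count() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -c 'gid:[[:space:]]*3;' || true
}

# Return 0 when the counts agree, 1 when so.rules contains SO stubs but Snort
# reported 0 dynamic rules (stubs were read, shared objects were not loaded).
check_so_rules() {
    log="$1"; rules="$2"
    stubs=$(so_stub_count "$rules")
    dyn=$(dynamic_rule_count "$log")
    dyn=${dyn:-0}
    if [ "$stubs" -gt 0 ] && [ "$dyn" -eq 0 ]; then
        echo "WARN: $stubs SO stubs in so.rules but Snort loaded $dyn dynamic rules;" \
             "check that the dynamicdetection directory holds the matching .so files" >&2
        return 1
    fi
    echo "OK: $stubs SO stubs, $dyn dynamic rules loaded"
    return 0
}

# Run against the constructed samples (status 1 here, since the sample log
# reports 0 dynamic rules; the status is ignored so the script still exits 0).
check_so_rules "$SAMPLE_LOG" "$SAMPLE_SO_RULES" || true
```

Against a live sensor, pass the captured startup lines and the contents of the real so.rules file as the two arguments instead of the constructed samples.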