Re: Clarification on so_rules

[James Lay <jlay () slave-tothe-box net>]

On 2013-08-09 10:21, Y M wrote:
> Hi James,
>
>  I will take a shot explaining what I understand, if I get it wrong,
> someone please correct me.
>
>  PulledPork should copy the .so rules from the distro/precompiled
> directory based on the distro variable you setup in your
> pulledpork.conf. If you use -T in your pulledpork command, it will
> process only text based rules.


Thanks YM...here's what I have in pp.conf:

sorule_path=/opt/lib/snort_dynamicrules/
snort_path=/opt/bin/snort
config_path=/opt/etc/snort/intsnort.conf
sostub_path=/opt/etc/snort/rules/so_rules/so_rules.rules
distro=Ubuntu-12-04


As Joel said, it looks like this is doing what it's supposed to 
do...the actual .so rules don't seem to be present however...I'm 
assuming they are supposed to be in /opt/lib/snort_dynamicrules/ yes?

James

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!