Snort mailing list archives
Re: Interesting observation with with so rules
From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 11 Oct 2013 10:09:46 -0600
On 2013-10-11 10:01, Y M wrote:
I just noticed that you are manually dumping the rules and not from PulledPork, I was reading from my phone, sorry. The reason I asked which version of PulledPork is because since v0.7.0 , PulledPork dumps the the rules into the same snort.rules file, from pulledpork.conf: ##### Deprecated - The stubs are now categorically written to the single rule file! # sostub_path=/usr/local/etc/snort/rules/so_rules.rules Hence Snort was is not able to find $SORULE_PATH/bad-traffic.rules. But I guess that's not the issue after all! Thanks YM
AH SO! Let me see if that's the deal with me...betcha it is ;) Thanks YM! James ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Interesting observation with with so rules James Lay (Oct 11)
- <Possible follow-ups>
- Re: Interesting observation with with so rules Y M (Oct 11)
- Re: Interesting observation with with so rules James Lay (Oct 11)
- Re: Interesting observation with with so rules Y M (Oct 11)
- Re: Interesting observation with with so rules James Lay (Oct 11)
- Re: Interesting observation with with so rules James Lay (Oct 11)
- Re: Interesting observation with with so rules James Lay (Oct 11)
- Re: Interesting observation with with so rules James Lay (Oct 11)
- Re: Interesting observation with with so rules James Lay (Oct 12)