Re: Interesting observation with with so rules

[James Lay <jlay () slave-tothe-box net>]

On Oct 11, 2013, at 8:25 PM, wkitty42 () windstream net wrote:

> On Friday, October 11, 2013 11:33 AM, James Lay <jlay () slave-tothe-box net> wrote: 
> > But ultimately the goal is to have pp do it all..but I get the same 
> > error attempting to use pp, so eh..I think I need to at least be able to 
> > do it manually successfully first ;)  I have no idea why it's prepending 
> > the CONF_PATH with the SORULE_PATH..makes no sense :(  Thanks YM. 
>
> my eWAG is that like snort, it prepends the default path when it cannot access the one defined...

Thanks Waldo….yea this turned out to be a chicken or the egg kind of thing.  On a brand new install of snort on a brand 
new box I was thinking "why bother to copy the rules since pulled pork will do it all", which is kind of true :D  It 
looks like snort gets cranky when the actual rule file doesn't exist..so the solution is to either copy, or simply 
touch the file, then it will work fine.  Good info to know in the future :)

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!