Snort mailing list archives

Re: Snort SO Compiler


From: Y M <snort () outlook com>
Date: Tue, 17 Nov 2015 20:04:22 +0000

Is the Shared Object Rule Generator at https://labs.snort.org/cgi-bin/sorules.cgi still a valid option?
_____________________________
From: Patrick Mullen <pmullen () sourcefire com>
Sent: Tuesday, November 17, 2015 10:52 PM
Subject: Re: [Snort-sigs] Snort SO Compiler
To: Rob Weiss <rob.weiss () g2-inc com>
Cc: Snort Sigs <snort-sigs () lists sourceforge net>



Shared Object rules have their own makefile.  Build snort and save the resultant directory tree.  Update the SO 
Makefile to point to that directory and set the proper version and make should work fine.

The build process will automatically dump the stub rules files in the same directory as your build.  Those are the 
files to copy to be loaded by snort somewhere and the shared object files need to be placed in the directory specified 
in your snort.conf.

Thanks,

Patrick

We are looking at how to compile the rules into SOs to distribute them to our snort instances. The docs are hard to 
follow and it seems like whatever process that is available is not working for us at the moment.

Is there a concise guide? Does snort, itself, dump the rules into SOs? Or does it only dump the SOs that were initially 
loaded into snort?

Hope this is not too confusing.

Thanks,
Rob.

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

