Snort mailing list archives

Re: Snort SO Compiler


From: Rob Weiss <rob.weiss () g2-inc com>
Date: Tue, 17 Nov 2015 18:01:37 -0500

We could not seem to get that to work today. No matter what rule we put in,
it told us that the rule was not valid. However, I'd be pleased to look at
the code, if it is open source.

On Tue, Nov 17, 2015 at 3:04 PM, Y M <snort () outlook com> wrote:

Is the Shared Object Rule Generator at
https://labs.snort.org/cgi-bin/sorules.cgi still a valid option?
_____________________________
From: Patrick Mullen <pmullen () sourcefire com>
Sent: Tuesday, November 17, 2015 10:52 PM
Subject: Re: [Snort-sigs] Snort SO Compiler
To: Rob Weiss <rob.weiss () g2-inc com>
Cc: Snort Sigs <snort-sigs () lists sourceforge net>



Shared Object rules have their own makefile.  Build snort and save the
resultant directory tree.  Update the SO Makefile to point to that
directory and set the proper version and make should work fine.

The build process will automatically dump the stub rules files in the same
directory as your build.  Those are the files to copy to be loaded by snort
somewhere and the shared object files need to be placed in the directory
specified in your snort.conf.

Thanks,

Patrick

We are looking at how to compile the rules into SOs to distribute them to
our snort instances. The docs are hard to follow and it seems like whatever
process that is available is not working for us at the moment.

Is there a concise guide? Does snort, itself, dump the rules into SOs? Or
does it only dump the SOs that were initially loaded into snort?

Hope this is not too confusing.

Thanks,
Rob.

------------------------------------------------------------------------------


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
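
Added example, not part of the thread and not Snort project code: a shell check for the last step Patrick describes, confirming that every shared object in the build directory is present and current in the directory snort.conf names. It assumes the Snort 2.x `dynamicdetection directory <path>` directive; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Verify that SO rule builds were copied to the directory snort.conf loads from.
# usage (constructed paths): check_so_deploy /etc/snort/snort.conf ./so_rules_build

# Print the path from the first active "dynamicdetection directory <path>" line.
# Commented-out lines do not match because their first field starts with '#'.
so_rules_dir() {
    awk '$1 == "dynamicdetection" && $2 == "directory" { print $3; exit }' "$1"
}

# Compare each .so in the build directory ($2) with the deployed copy.
# Prints MISSING/STALE per file; returns 0 if all match, 1 if any differ,
# 2 if the config has no directory line or the build directory has no .so files.
check_so_deploy() {
    conf=$1
    build=$2
    dest=$(so_rules_dir "$conf")
    if [ -z "$dest" ]; then
        echo "no dynamicdetection directory in $conf" >&2
        return 2
    fi
    bad=0
    for so in "$build"/*.so; do
        # An unmatched glob stays literal, so test that the file exists.
        [ -e "$so" ] || { echo "no .so files in $build" >&2; return 2; }
        name=$(basename "$so")
        if [ ! -f "$dest/$name" ]; then
            echo "MISSING $name"
            bad=1
        elif ! cmp -s "$so" "$dest/$name"; then
            # Deployed copy differs from the fresh build (old version left behind).
            echo "STALE $name"
            bad=1
        fi
    done
    return $bad
}
```

A STALE result is the case to watch after rebuilding against a new Snort version, since an old shared object left in place no longer matches what the SO Makefile just produced.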


