Snort mailing list archives
Re: Snort SO Compiler
From: Rob Weiss <rob.weiss () g2-inc com>
Date: Tue, 17 Nov 2015 18:01:37 -0500
We could not seem to get that to work today. No matter what rule we put in, it told us that the rule was not valid. However, I'd be pleased to look at the code, if it is open source. On Tue, Nov 17, 2015 at 3:04 PM, Y M <snort () outlook com> wrote:
Is the Shared Object Rule Generator at <https://labs.snort.org/cgi-bin/sorules> <https://labs.snort.org/cgi-bin/sorules.cgi> <https://labs.snort.org/cgi-bin/sorules.cgi>https://labs.snort.org/cgi- <https://labs.snort.org/cgi-bin/sorules.cgi>bin/sorules <https://labs.snort.org/cgi-bin/sorules.cgi> <https://labs.snort.org/cgi-bin/sorules.cgi> <https://labs.snort.org/cgi-bin/sorules.cgi>.cgi <https://labs.snort.org/cgi-bin/sorules.cgi> still a valid option? _____________________________ From: Patrick Mullen <pmullen () sourcefire com> Sent: Tuesday, November 17, 2015 10:52 PM Subject: Re: [Snort-sigs] Snort SO Compiler To: Rob Weiss <rob.weiss () g2-inc com> Cc: Snort Sigs <snort-sigs () lists sourceforge net> Shared Object rules have their own makefile. Build snort and save the resultant directory tree. Update the SO Makefile to point to that directory and set the proper version and make should work fine. The build process will automatically dump the stub rules files in the same directory as your build. Those are the files to copy to be loaded by snort somewhere and the shared object files need to be placed in the directory specified in your snort.conf. Thanks, Patrick We are looking at how to compile the rules into SOs to distribute them to our snort instances. The docs are hard to follow and it seems like whatever process that is available is not working for us at the moment. Is there a concise guide? Does snort, itself, dump the rules into SOs? Or does it only dump the SOs that were initially loaded into snort? Hope this is not too confusing. Thanks, Rob. ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Give your users amazing mobile app experiences with Intel XDK. Use one codebase in this all-in-one HTML5 development environment. Design, debug & build mobile apps & 2-D/3-D games for multiple OSs. Then get your creation into app stores sooner, with many ways to monetize. http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler wkitty42 (Nov 17)
- Re: Snort SO Compiler Y M (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Y M (Nov 17)
- Re: Snort SO Compiler Joel Esler (jesler) (Nov 17)
- Re: Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Patrick Mullen (Nov 17)
- Re: Snort SO Compiler Rob Weiss (Nov 17)
- Re: Snort SO Compiler wkitty42 (Nov 17)