Snort mailing list archives

Dynamic rules not read


From: xinland66 () gmail com
Date: Wed, 14 Oct 2015 16:49:38 -0400


I have configured pulledpork to download the rules, but it seems the dynamic rules are not used. Can somebody help and
let me know what I missed?

Here is snort output:
+-----------------------[rate-filter-rules]------------------------------------
Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
 Parsing Rules file "/etc/snort/snort.conf"
 Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-pdf.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/indicator-shellcode.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-windows.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-flash.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-image.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-oracle.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-other.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-iis.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-other.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/exploit-kit.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-nntp.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/pua-p2p.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-other.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-other.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-tftp.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/malware-cnc.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-other.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-multimedia.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/policy-social.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-apache.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-snmp.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-webapp.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/browser-ie.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mysql.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-dns.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-linux.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/protocol-voip.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-office.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/os-other.so...
   Finished Loading all dynamic detection libs from /usr/local/lib/snort_dynamicrules

  Processing blacklist file /etc/snort/rules.blacklist
 8302 Snort rules read
   8152 detection rules
     150 decoder rules
    0 preprocessor rules
0 Dynamic rules

Here is my snort.conf
# Step #4: Configure dynamic loaded libraries.
# For more information, see Snort Manual, Configuring Snort - Dynamic Modules
###################################################

# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

# path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

# path to dynamic rules libraries
dynamicdetection directory /usr/local/lib/snort_dynamicrules



include $RULE_PATH/VRT-SO-browser-ie.rules
include $RULE_PATH/VRT-SO-browser-other.rules
include $RULE_PATH/VRT-SO-exploit-kit.rules
include $RULE_PATH/VRT-SO-file-flash.rules
include $RULE_PATH/VRT-SO-file-image.rules
include $RULE_PATH/VRT-SO-file-java.rules
include $RULE_PATH/VRT-SO-file-multimedia.rules
include $RULE_PATH/VRT-SO-file-office.rules
include $RULE_PATH/VRT-SO-file-other.rules
include $RULE_PATH/VRT-SO-file-pdf.rules
include $RULE_PATH/VRT-SO-indicator-shellcode.rules
include $RULE_PATH/VRT-SO-malware-cnc.rules
include $RULE_PATH/VRT-SO-malware-other.rules
include $RULE_PATH/VRT-SO-netbios.rules
include $RULE_PATH/VRT-SO-os-linux.rules
include $RULE_PATH/VRT-SO-os-other.rules
include $RULE_PATH/VRT-SO-os-windows.rules
include $RULE_PATH/VRT-SO-policy-social.rules
include $RULE_PATH/VRT-SO-protocol-dns.rules
include $RULE_PATH/VRT-SO-protocol-nntp.rules
include $RULE_PATH/VRT-SO-protocol-other.rules
include $RULE_PATH/VRT-SO-protocol-snmp.rules
include $RULE_PATH/VRT-SO-protocol-tftp.rules
include $RULE_PATH/VRT-SO-protocol-voip.rules
include $RULE_PATH/VRT-SO-pua-p2p.rules
include $RULE_PATH/VRT-SO-server-apache.rules
include $RULE_PATH/VRT-SO-server-iis.rules
include $RULE_PATH/VRT-SO-server-mail.rules
include $RULE_PATH/VRT-SO-server-mysql.rules
include $RULE_PATH/VRT-SO-server-oracle.rules
include $RULE_PATH/VRT-SO-server-other.rules
include $RULE_PATH/VRT-SO-server-webapp.rules 


Thanks,
KL
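
An added example, not part of the original message and not Snort or pulledpork code: a small cross-check of the startup log against snort.conf, listing loaded detection libraries that have no active stub include, stub includes with no loaded library, the reported "Dynamic rules" count, and how many uncommented rules a stub file holds. The VRT-SO-<library>.rules naming is taken from the posted config; the sample log, config and stub text are constructed.

```python
import re

# Constructed excerpts modelled on the startup log and snort.conf in the post.
SAMPLE_LOG = """\
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/file-java.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/server-mail.so...
   Loading dynamic detection library /usr/local/lib/snort_dynamicrules/netbios.so...
 8302 Snort rules read
0 Dynamic rules
"""
SAMPLE_CONF = """\
dynamicdetection directory /usr/local/lib/snort_dynamicrules
include $RULE_PATH/VRT-SO-file-java.rules
# include $RULE_PATH/VRT-SO-server-mail.rules
include $RULE_PATH/VRT-SO-os-linux.rules
"""
# Constructed stub file body: one commented-out rule, one active rule.
SAMPLE_STUB = """\
# alert tcp any any -> any 25 (msg:"constructed, disabled"; sid:1000001; gid:3;)
alert tcp any any -> any 25 (msg:"constructed, active"; sid:1000002; gid:3;)
"""

LIB_RE = re.compile(r"Loading dynamic detection library \S*/([\w.-]+)\.so\.\.\.")
# Assumption: stub files are named VRT-SO-<library>.rules, as in the posted config.
STUB_RE = re.compile(r"^[ \t]*include[ \t]+\S*/VRT-SO-([\w.-]+)\.rules[ \t]*$", re.M)
COUNT_RE = re.compile(r"^\s*(\d+) Dynamic rules", re.M)

def audit(log_text, conf_text):
    """Compare libraries Snort reported loading with active stub includes."""
    libs = set(LIB_RE.findall(log_text))
    stubs = set(STUB_RE.findall(conf_text))   # commented-out includes do not match
    count = COUNT_RE.search(log_text)
    return {
        "libs_without_stub": sorted(libs - stubs),
        "stubs_without_lib": sorted(stubs - libs),
        "dynamic_rules": int(count.group(1)) if count else None,
    }

def active_rules(stub_text):
    """Count rule lines in a stub file that are neither blank nor commented out."""
    return sum(1 for line in stub_text.splitlines()
               if line.strip() and not line.lstrip().startswith("#"))

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, SAMPLE_CONF))
    print("active rules in stub:", active_rules(SAMPLE_STUB))
```

To use it on a real sensor, pass the captured startup output and the contents of snort.conf to audit(), and the contents of each included stub file to active_rules().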