Snort mailing list archives
Setting up Snort Rules (for a first timer)
From: Ibrahim Ahmed via Snort-users <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 22:14:45 -0700
Hi everyone,

First time snort user here. A question about setting up the rules in Snort 2.9.9. snort.conf lists the following under its Step #7: 'Customize your rule set' section.

    # site specific rules
    include $RULE_PATH/local.rules
    include $RULE_PATH/app-detect.rules
    include $RULE_PATH/attack-responses.rules
    include $RULE_PATH/backdoor.rules

I see that all of these rules, 'app-detect', 'attack-responses', etc. are fleshed out (as single rules, not files) in the 'community.rules' package that is downloaded from the Snort website. However, it looks like snort.conf treats them as individual files. Hence my following compile error:

    ERROR: etc/../rules/app-detect.rules(0) Unable to open rules file "etc/../rules/app-detect.rules": No such file or directory

I'd appreciate an explanation of how the community.rules is to be integrated into my Snort directory.

Many thanks,
Ibrahim