Snort mailing list archives

Re: Unable to create stub so rules files
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Wed, 28 Nov 2012 07:48:44 +0000

On Tue, Nov 27, 2012 at 4:17 PM, Peter Bates <peter.bates () ucl ac uk> wrote:
> Hello all
>
> On 27/11/2012 16:04, C. L. Martinez wrote:
>>            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.16  <Build 18>
>>            Rules Object: nntp  Version 1.0  <Build 1>
>>            Rules Object: imap  Version 1.0  <Build 1>
>>
>> According to this, shared objects are loaded ...
>
> Yes, looks like mine.
>
> If you run PP it should write your SO rules now
> and you can include it.
>
> No idea why the use of var didn't work - possibly
> someone from Sourcefire can explain.

Nope, it doesn't work using PP:

Checking latest MD5 for snortrules-snapshot-2931.tar.gz....
        They Match
        Done!
Prepping rules from snortrules-snapshot-2931.tar.gz for work....
        Done!
Checking latest MD5 for emerging.rules.tar.gz....
        They Match
        Done!
Prepping rules from emerging.rules.tar.gz for work....
        Done!
Reading rules...
Generating Stub Rules....
        An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-backdoor.rules(0) Unable to open
rules file "/data/config/etc/idpsnort01/rules/VRT-backdoor.rules": No
such file or directory.

        An error occurred: Fatal Error, Quitting..

        Done
Reading rules...

But using "snort -c /data/config/etc/idpsnort01/snort.conf
--dump-dynamic-rules=/data/config/etc/idpsnort01/so_rules" works OK
now.

Does anybody know if it is possible to generate a new sid-msg.map once
the stub rules are created?
