Home page logo

snort logo Snort mailing list archives

Re: Unable to create stub so rules files
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Wed, 28 Nov 2012 07:48:44 +0000

On Tue, Nov 27, 2012 at 4:17 PM, Peter Bates <peter.bates () ucl ac uk> wrote:
Hash: SHA1

Hello all

On 27/11/2012 16:04, C. L. Martinez wrote:
           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.16  <Build 18>
           Rules Object: nntp  Version 1.0  <Build 1>
           Rules Object: imap  Version 1.0  <Build 1>

According to this, shared objects are loaded ...

Yes, looks like mine.

If you run PP it should write your SO rules now
and you can include it.

No idea why the use of var didn't work - possibly
someone from Sourcefire can explain.

- --

Nop, It doesn't works using PP:

Checking latest MD5 for snortrules-snapshot-2931.tar.gz....
        They Match
Prepping rules from snortrules-snapshot-2931.tar.gz for work....
Checking latest MD5 for emerging.rules.tar.gz....
        They Match
Prepping rules from emerging.rules.tar.gz for work....
Reading rules...
Generating Stub Rules....
        An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-backdoor.rules(0) Unable to open
rules file "/data/config/etc/idpsnort01/rules/VRT-backdoor.rules": No
such file or directory.

        An error occurred: Fatal Error, Quitting..

Reading rules...

But using "snort -c /data/config/etc/idpsnort01/snort.conf
--dump-dynamic-rules=/data/config/etc/idpsnort01/so_rules", works ok,

Somebody knows if it is possible to generate new sid-msg.map once stub
rules are created??

Keep yourself connected to Go Parallel: 
INSIGHTS What's next for parallel hardware, programming and related areas?
Interviews and blogs by thought leaders keep you ahead of the curve.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]