Home page logo
/

snort logo Snort mailing list archives

Re: so_rules are not processed by pulledpork underFreeBSD 9.1
From: "Seth Dunn" <seth () d2ms com>
Date: Thu, 9 May 2013 09:52:59 -0400

One other thing to look at:
        Snort Config File: /data/config/etc/idpsnort01/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /data/config/etc/idpsnort01/so_rules/

And your error shows::
An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-app-detect.rules(0) Unable to open
rules file
"/data/config/etc/idpsnort01/rules/VRT-app-detect.rules": No such file
or directory.

Is there a /rules/ or /so_rules/ folder in which PP is working with?

-----Original Message-----
From: C. L. Martinez [mailto:carlopmart () gmail com] 
Sent: Thursday, May 09, 2013 9:26 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] so_rules are not processed by pulledpork
underFreeBSD 9.1

On Thu, May 9, 2013 at 1:14 PM, C. L. Martinez <carlopmart () gmail com>
wrote:
Hi all,

 I ma trying to manage all snort rules using pulledpork under FreeBSD.
All works ok, except so_rules: never they are processed.

 Pulledpork output:


    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        snort_path = /usr/local/bin/snort
        enablesid =
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        distro = FreeBSD-9-0
        temp_path = /tmp
        version = 0.6.1
        sorule_path = /data/config/etc/idpsnort01/so_rules/
        rule_path = /data/config/etc/idpsnort01/rules/all.rules
        ignore = deleted.rules,experimental.rules,local.rules
        rule_url = ARRAY(0x80258e5a0)
        sid_msg_version = 1
        sid_changelog = /tmp/sid_changes.log
        out_path = /data/config/etc/idpsnort01/rules/
        sid_msg = /data/config/etc/idpsnort01/sid-msg.map
        ips_policy = security
        config_path = /data/config/etc/idpsnort01/snort.conf
MISC (CLI and Autovar) Variable Debug:
        Process flag specified!
        arch Def is: x86-64
        Config Path is:
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        Distro Def is: FreeBSD-9-0
        Keep rulefiles flag is Set
        Keep rulefiles path: /data/config/etc/idpsnort01/rules/
        security policy specified
        No Download Flag is Set
        Rules file is: /data/config/etc/idpsnort01/rules/all.rules
        Path to enablesid file:
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        sid changes will be logged to: /tmp/sid_changes.log
        sid-msg.map Output Path is:
/data/config/etc/idpsnort01/sid-msg.map
        Snort Version is: 2.9.4.6
        Snort Config File: /data/config/etc/idpsnort01/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /data/config/etc/idpsnort01/so_rules/
        Will process SO rules
        Verbose Flag is Set
        Base URL is:
https://www.snort.org/reg-rules/|snortrules-snapshot-2945.tar.gz|69c3a
bc8e00c849390192c3e07666782df49abda
Prepping rules from snortrules-snapshot-2945.tar.gz for work....
        extracting contents of /tmp/snortrules-snapshot-2945.tar.gz...
        Ignoring plaintext rules: deleted.rules
        Ignoring plaintext rules: experimental.rules
        Ignoring plaintext rules: local.rules
        Extracted: /tha_rules/VRT-server-other.rules
        Extracted: /tha_rules/VRT-pua-adware.rules
        Extracted: /tha_rules/VRT-misc.rules
        Extracted: /tha_rules/VRT-malware-backdoor.rules
        Extracted: /tha_rules/VRT-indicator-compromise.rules
        Extracted: /tha_rules/VRT-file-pdf.rules
        Extracted: /tha_rules/VRT-content-replace.rules
        Extracted: /tha_rules/VRT-file-identify.rules
        Extracted: /tha_rules/VRT-browser-webkit.rules
        Extracted: /tha_rules/VRT-specific-threats.rules
        Extracted: /tha_rules/VRT-file-office.rules
        Extracted: /tha_rules/VRT-rpc.rules
        Extracted: /tha_rules/VRT-dns.rules
        Extracted: /tha_rules/VRT-os-other.rules
        Extracted: /tha_rules/VRT-snmp.rules
        Extracted: /tha_rules/VRT-policy-other.rules
        Extracted: /tha_rules/VRT-web-coldfusion.rules
        Extracted: /tha_rules/VRT-protocol-voip.rules
        Extracted: /tha_rules/VRT-file-image.rules
        Extracted: /tha_rules/VRT-chat.rules
        Extracted: /tha_rules/VRT-voip.rules
        Extracted: /tha_rules/VRT-os-solaris.rules
        Extracted: /tha_rules/VRT-pop3.rules
        Extracted: /tha_rules/VRT-server-mssql.rules
        Extracted: /tha_rules/VRT-preprocessor.rules
        Extracted: /tha_rules/VRT-policy-social.rules
        Extracted: /tha_rules/VRT-protocol-ftp.rules
        Extracted: /tha_rules/VRT-server-webapp.rules
        Extracted: /tha_rules/VRT-server-oracle.rules
        Extracted: /tha_rules/VRT-scada.rules
        Extracted: /tha_rules/VRT-other-ids.rules
        Extracted: /tha_rules/VRT-server-apache.rules
        Extracted: /tha_rules/VRT-sql.rules
        Extracted: /tha_rules/VRT-icmp.rules
        Extracted: /tha_rules/VRT-file-multimedia.rules
        Extracted: /tha_rules/VRT-pua-p2p.rules
        Extracted: /tha_rules/VRT-info.rules
        Extracted: /tha_rules/VRT-pua-other.rules
        Extracted: /tha_rules/VRT-server-mail.rules
        Extracted: /tha_rules/VRT-netbios.rules
        Extracted: /tha_rules/VRT-smtp.rules
        Extracted: /tha_rules/VRT-protocol-icmp.rules
        Extracted: /tha_rules/VRT-sensitive-data.rules
        Extracted: /tha_rules/VRT-indicator-shellcode.rules
        Extracted: /tha_rules/VRT-web-iis.rules
        Extracted: /tha_rules/VRT-protocol-finger.rules
        Extracted: /tha_rules/VRT-botnet-cnc.rules
        Extracted: /tha_rules/VRT-pua-toolbars.rules
        Extracted: /tha_rules/VRT-mysql.rules
        Extracted: /tha_rules/VRT-virus.rules
        Extracted: /tha_rules/VRT-protocol-imap.rules
        Extracted: /tha_rules/VRT-malware-cnc.rules
        Extracted: /tha_rules/VRT-web-misc.rules
        Extracted: /tha_rules/VRT-tftp.rules
        Extracted: /tha_rules/VRT-blacklist.rules
        Extracted: /tha_rules/VRT-shellcode.rules
        Extracted: /tha_rules/VRT-spyware-put.rules
        Extracted: /tha_rules/VRT-exploit.rules
        Extracted: /tha_rules/VRT-protocol-services.rules
        Extracted: /tha_rules/VRT-browser-ie.rules
        Extracted: /tha_rules/VRT-os-windows.rules
        Extracted: /tha_rules/VRT-ddos.rules
        Extracted: /tha_rules/VRT-attack-responses.rules
        Extracted: /tha_rules/VRT-browser-firefox.rules
        Extracted: /tha_rules/VRT-browser-chrome.rules
        Extracted: /tha_rules/VRT-telnet.rules
        Extracted: /tha_rules/VRT-browser-other.rules
        Extracted: /tha_rules/VRT-icmp-info.rules
        Extracted: /tha_rules/VRT-os-linux.rules
        Extracted: /tha_rules/VRT-indicator-obfuscation.rules
        Extracted: /tha_rules/VRT-policy-spam.rules
        Extracted: /tha_rules/VRT-malware-tools.rules
        Extracted: /tha_rules/VRT-x11.rules
        Extracted: /tha_rules/VRT-p2p.rules
        Extracted: /tha_rules/VRT-scan.rules
        Extracted: /tha_rules/VRT-ftp.rules
        Extracted: /tha_rules/VRT-malware-other.rules
        Extracted: /tha_rules/VRT-web-php.rules
        Extracted: /tha_rules/VRT-web-activex.rules
        Extracted: /tha_rules/VRT-decoder.rules
        Extracted: /tha_rules/VRT-web-frontpage.rules
        Extracted: /tha_rules/VRT-rservices.rules
        Extracted: /tha_rules/VRT-file-executable.rules
        Extracted: /tha_rules/VRT-file-other.rules
        Extracted: /tha_rules/VRT-backdoor.rules
        Extracted: /tha_rules/VRT-multimedia.rules
        Extracted: /tha_rules/VRT-web-client.rules
        Extracted: /tha_rules/VRT-exploit-kit.rules
        Extracted: /tha_rules/VRT-protocol-pop.rules
        Extracted: /tha_rules/VRT-browser-plugins.rules
        Extracted: /tha_rules/VRT-policy.rules
        Extracted: /tha_rules/VRT-web-attacks.rules
        Extracted: /tha_rules/VRT-imap.rules
        Extracted: /tha_rules/VRT-file-flash.rules
        Extracted: /tha_rules/VRT-nntp.rules
        Extracted: /tha_rules/VRT-dos.rules
        Extracted: /tha_rules/VRT-finger.rules
        Extracted: /tha_rules/VRT-phishing-spam.rules
        Extracted: /tha_rules/VRT-server-mysql.rules
        Extracted: /tha_rules/VRT-oracle.rules
        Extracted: /tha_rules/VRT-server-iis.rules
        Extracted: /tha_rules/VRT-app-detect.rules
        Extracted: /tha_rules/VRT-policy-multimedia.rules
        Extracted: /tha_rules/VRT-pop2.rules
        Extracted: /tha_rules/VRT-bad-traffic.rules
        Extracted: /tha_rules/VRT-web-cgi.rules
        Reading rules...
        Reading rules...
Cleanup....
        removed 108 temporary snort files or directories from
/tmp/tha_rules!
Activating security rulesets....
        Done
Processing /data/config/etc/idpsnort01/pulledpork/enablesid.conf....
        Modified 0 rules
        Done
Setting Flowbit State....
        Enabled 851 flowbits
        Enabled 29 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
Writing rules to unique destination files....
        Writing rules to /data/config/etc/idpsnort01/rules/
        Done
Generating sid-msg.map....
        Done
Writing v1 /data/config/etc/idpsnort01/sid-msg.map....
        Done
Fly Piggy Fly!

And my pulledpork.conf:

#rule_url=http://rules.emergingthreats.net/|emerging.rules.tar.gz|open
#rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|comm
unity-rules.tar.gz|Community

# Ignored rules
ignore=deleted.rules,experimental.rules,local.rules

# What is our temp path, be sure this path has a bit of space for rule

# extraction and manipulation, no trailing slash temp_path=/tmp

# What path you want the .rules file containing all of the processed #

rules? (this value has changed as of 0.4.0, previously we copied # all

of the rules, now we are creating a single large rules file # but 
still keeping a separate file for your so_rules!
rule_path=/data/config/etc/idpsnort01/rules/all.rules

# Output path for download rules
out_path=/data/config/etc/idpsnort01/rules/

# Location for sid-msg.map file
sid_msg=/data/config/etc/idpsnort01/sid-msg.map

# New for by2 and more advanced msg mapping.  Valid options are 1 or 2

# specify version 2 if you are running barnyard2.2+.  Otherwise use 1
sid_msg_version=1

# Defined path for sid changelog file
sid_changelog=/tmp/sid_changes.log

# What path you want the .so files to actually go to *i.e. where is it

# defined in your snort.conf, needs a trailing slash 
sorule_path=/data/config/etc/idpsnort01/so_rules/

# Define your distro, this is for the precompiled shared object libs!
distro=FreeBSD-9-0

# Path to the snort binary, we need this to generate the stub files 
snort_path=/usr/local/bin/snort

# We need to know where your snort.conf file lives so that we can # 
generate the stub files 
config_path=/data/config/etc/idpsnort01/snort.conf

# Define the path to the pid files of any running process that you 
want to # HUP after PP has completed its run.
#pid_path=/var/run/snort_em5.pid

# If you are using IP Reputation and getting some public lists, you 
will probably # want to tell pulledpork where your blacklist file 
lives, PP automagically will # de-dupe any duplicate IPs from 
different sources.
#black_list=/data/config/etc/idpsnort01/iplists/default.blacklist
#IPRVersion=/data/config/etc/idpsnort01/iplists/

# Define local rules files
#local_rules=/data/config/etc/idpsnort01/rules/apt1.rules


# Here you can specify what rule modification files to run
automatically.
# simply uncomment and specify the apt path.
enablesid=/data/config/etc/idpsnort01/pulledpork/enablesid.conf
# dropsid=/usr/local/etc/snort/dropsid.conf
#disablesid=/data/config/etc/idpsnort01/pulledpork/disablesid.conf
# modifysid=/usr/local/etc/snort/modifysid.conf

ips_policy=security



####### Remember, a number of these values are optional.. if you don't

####### need to process so_rules, simply comment out the so_rule 
section ####### you can also specify -T at runtime to process only GID
1 rules.

version=0.6.1

Uhmm strange. .. Forcing downloading rules, log output is different:


    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.6.2dev the Cigar Pig <////~
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2012 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        snort_path = /usr/local/bin/snort
        enablesid =
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        distro = FreeBSD-9-0
        temp_path = /tmp
        version = 0.6.1
        sorule_path = /data/config/etc/idpsnort01/so_rules/
        rule_path = /data/config/etc/idpsnort01/rules/all.rules
        ignore = deleted.rules,experimental.rules,local.rules
        rule_url = ARRAY(0x80258e570)
        sid_msg_version = 1
        sid_changelog = /tmp/sid_changes.log
        out_path = /data/config/etc/idpsnort01/rules/
        sid_msg = /data/config/etc/idpsnort01/sid-msg.map
        ips_policy = security
        config_path = /data/config/etc/idpsnort01/snort.conf
** GET
https://www.snort.org/reg-rules/snortrules-snapshot-2945.tar.gz.md5==>
200 OK (1s)
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2945.tar.gz/
==> 302 Found (2s)
** GET
https://s3.amazonaws.com/snort-org/www/rules/20130409/snortrules-snapsho
t-2945.tar.gz?AWSAccessKeyId=AKIAJ65S5YX6KA26VRJQ&Expires=1368105643&Sig
nature=AG8ZKYqhh3Rq%2FM%2FSqfAW1ef77Hc%3D
==> 200 OK (36s)
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is:
/data/config/etc/idpsnort01/pulledpork/pulledpork.conf
        Distro Def is: FreeBSD-9-0
        Keep rulefiles flag is Set
        Keep rulefiles path: /data/config/etc/idpsnort01/rules/
        security policy specified
        Rules file is: /data/config/etc/idpsnort01/rules/all.rules
        Path to enablesid file:
/data/config/etc/idpsnort01/pulledpork/enablesid.conf
        sid changes will be logged to: /tmp/sid_changes.log
        sid-msg.map Output Path is:
/data/config/etc/idpsnort01/sid-msg.map
        Snort Version is: 2.9.4.6
        Snort Config File: /data/config/etc/idpsnort01/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /data/config/etc/idpsnort01/so_rules/
        Will process SO rules
        Verbose Flag is Set
        Base URL is:
https://www.snort.org/reg-rules/|snortrules-snapshot-2945.tar.gz|69c3abc
8e00c849390192c3e07666782df49abda
Checking latest MD5 for snortrules-snapshot-2945.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2945.tar.gz.md5
        most recent rules file digest: e52a09218f5f8d81789b5b68694b58a7
Rules tarball download of snortrules-snapshot-2945.tar.gz....
        Fetching rules file: snortrules-snapshot-2945.tar.gz
        storing file at: /tmp/snortrules-snapshot-2945.tar.gz

        current local rules file  digest:
e52a09218f5f8d81789b5b68694b58a7
        so I'm not gonna download the rules file again suckas!
Prepping rules from snortrules-snapshot-2945.tar.gz for work....
        extracting contents of /tmp/snortrules-snapshot-2945.tar.gz...
        Ignoring plaintext rules: deleted.rules
        Ignoring plaintext rules: experimental.rules
        Ignoring plaintext rules: local.rules
        Extracted: /tha_rules/VRT-server-other.rules
        Extracted: /tha_rules/VRT-pua-adware.rules
        Extracted: /tha_rules/VRT-misc.rules
        Extracted: /tha_rules/VRT-malware-backdoor.rules
        Extracted: /tha_rules/VRT-indicator-compromise.rules
        Extracted: /tha_rules/VRT-file-pdf.rules
        Extracted: /tha_rules/VRT-content-replace.rules
        Extracted: /tha_rules/VRT-file-identify.rules
        Extracted: /tha_rules/VRT-browser-webkit.rules
        Extracted: /tha_rules/VRT-specific-threats.rules
        Extracted: /tha_rules/VRT-file-office.rules
        Extracted: /tha_rules/VRT-rpc.rules
        Extracted: /tha_rules/VRT-dns.rules
        Extracted: /tha_rules/VRT-os-other.rules
        Extracted: /tha_rules/VRT-snmp.rules
        Extracted: /tha_rules/VRT-policy-other.rules
        Extracted: /tha_rules/VRT-web-coldfusion.rules
        Extracted: /tha_rules/VRT-protocol-voip.rules
        Extracted: /tha_rules/VRT-file-image.rules
        Extracted: /tha_rules/VRT-chat.rules
        Extracted: /tha_rules/VRT-voip.rules
        Extracted: /tha_rules/VRT-os-solaris.rules
        Extracted: /tha_rules/VRT-pop3.rules
        Extracted: /tha_rules/VRT-server-mssql.rules
        Extracted: /tha_rules/VRT-preprocessor.rules
        Extracted: /tha_rules/VRT-policy-social.rules
        Extracted: /tha_rules/VRT-protocol-ftp.rules
        Extracted: /tha_rules/VRT-server-webapp.rules
        Extracted: /tha_rules/VRT-server-oracle.rules
        Extracted: /tha_rules/VRT-scada.rules
        Extracted: /tha_rules/VRT-other-ids.rules
        Extracted: /tha_rules/VRT-server-apache.rules
        Extracted: /tha_rules/VRT-sql.rules
        Extracted: /tha_rules/VRT-icmp.rules
        Extracted: /tha_rules/VRT-file-multimedia.rules
        Extracted: /tha_rules/VRT-pua-p2p.rules
        Extracted: /tha_rules/VRT-info.rules
        Extracted: /tha_rules/VRT-pua-other.rules
        Extracted: /tha_rules/VRT-server-mail.rules
        Extracted: /tha_rules/VRT-netbios.rules
        Extracted: /tha_rules/VRT-smtp.rules
        Extracted: /tha_rules/VRT-protocol-icmp.rules
        Extracted: /tha_rules/VRT-sensitive-data.rules
        Extracted: /tha_rules/VRT-indicator-shellcode.rules
        Extracted: /tha_rules/VRT-web-iis.rules
        Extracted: /tha_rules/VRT-protocol-finger.rules
        Extracted: /tha_rules/VRT-botnet-cnc.rules
        Extracted: /tha_rules/VRT-pua-toolbars.rules
        Extracted: /tha_rules/VRT-mysql.rules
        Extracted: /tha_rules/VRT-virus.rules
        Extracted: /tha_rules/VRT-protocol-imap.rules
        Extracted: /tha_rules/VRT-malware-cnc.rules
        Extracted: /tha_rules/VRT-web-misc.rules
        Extracted: /tha_rules/VRT-tftp.rules
        Extracted: /tha_rules/VRT-blacklist.rules
        Extracted: /tha_rules/VRT-shellcode.rules
        Extracted: /tha_rules/VRT-spyware-put.rules
        Extracted: /tha_rules/VRT-exploit.rules
        Extracted: /tha_rules/VRT-protocol-services.rules
        Extracted: /tha_rules/VRT-browser-ie.rules
        Extracted: /tha_rules/VRT-os-windows.rules
        Extracted: /tha_rules/VRT-ddos.rules
        Extracted: /tha_rules/VRT-attack-responses.rules
        Extracted: /tha_rules/VRT-browser-firefox.rules
        Extracted: /tha_rules/VRT-browser-chrome.rules
        Extracted: /tha_rules/VRT-telnet.rules
        Extracted: /tha_rules/VRT-browser-other.rules
        Extracted: /tha_rules/VRT-icmp-info.rules
        Extracted: /tha_rules/VRT-os-linux.rules
        Extracted: /tha_rules/VRT-indicator-obfuscation.rules
        Extracted: /tha_rules/VRT-policy-spam.rules
        Extracted: /tha_rules/VRT-malware-tools.rules
        Extracted: /tha_rules/VRT-x11.rules
        Extracted: /tha_rules/VRT-p2p.rules
        Extracted: /tha_rules/VRT-scan.rules
        Extracted: /tha_rules/VRT-ftp.rules
        Extracted: /tha_rules/VRT-malware-other.rules
        Extracted: /tha_rules/VRT-web-php.rules
        Extracted: /tha_rules/VRT-web-activex.rules
        Extracted: /tha_rules/VRT-decoder.rules
        Extracted: /tha_rules/VRT-web-frontpage.rules
        Extracted: /tha_rules/VRT-rservices.rules
        Extracted: /tha_rules/VRT-file-executable.rules
        Extracted: /tha_rules/VRT-file-other.rules
        Extracted: /tha_rules/VRT-backdoor.rules
        Extracted: /tha_rules/VRT-multimedia.rules
        Extracted: /tha_rules/VRT-web-client.rules
        Extracted: /tha_rules/VRT-exploit-kit.rules
        Extracted: /tha_rules/VRT-protocol-pop.rules
        Extracted: /tha_rules/VRT-browser-plugins.rules
        Extracted: /tha_rules/VRT-policy.rules
        Extracted: /tha_rules/VRT-web-attacks.rules
        Extracted: /tha_rules/VRT-imap.rules
        Extracted: /tha_rules/VRT-file-flash.rules
        Extracted: /tha_rules/VRT-nntp.rules
        Extracted: /tha_rules/VRT-dos.rules
        Extracted: /tha_rules/VRT-finger.rules
        Extracted: /tha_rules/VRT-phishing-spam.rules
        Extracted: /tha_rules/VRT-server-mysql.rules
        Extracted: /tha_rules/VRT-oracle.rules
        Extracted: /tha_rules/VRT-server-iis.rules
        Extracted: /tha_rules/VRT-app-detect.rules
        Extracted: /tha_rules/VRT-policy-multimedia.rules
        Extracted: /tha_rules/VRT-pop2.rules
        Extracted: /tha_rules/VRT-bad-traffic.rules
        Extracted: /tha_rules/VRT-web-cgi.rules
        Reading rules...
Generating Stub Rules....
        Generating shared object stubs via:/usr/local/bin/snort -c
/data/config/etc/idpsnort01/snort.conf
--dump-dynamic-rules=/tmp/tha_rules/so_rules/
        An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-app-detect.rules(0) Unable to open
rules file
"/data/config/etc/idpsnort01/rules/VRT-app-detect.rules": No such file
or directory.
        An error occurred: Fatal Error, Quitting..

        Done
        Reading rules...
        Reading rules...
Cleanup....
        removed 108 temporary snort files or directories from
/tmp/tha_rules!
Activating security rulesets....
        Done
Processing /data/config/etc/idpsnort01/pulledpork/enablesid.conf....
        Modified 0 rules
        Done
Setting Flowbit State....
        Enabled 851 flowbits
        Enabled 29 flowbits
        Enabled 4 flowbits
        Enabled 2 flowbits
        Done
Writing rules to unique destination files....
        Writing rules to /data/config/etc/idpsnort01/rules/
        Done
Generating sid-msg.map....
        Done
Writing v1 /data/config/etc/idpsnort01/sid-msg.map....
        Done
Fly Piggy Fly!

------------------------------------------------------------------------
------
Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is
the definitive new guide to graph databases and their applications. This
200-page book is written by three acclaimed leaders in the field. The
early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault