Snort mailing list archives
Re: Unable to create stub so rules files
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Wed, 28 Nov 2012 07:48:44 +0000
On Tue, Nov 27, 2012 at 4:17 PM, Peter Bates <peter.bates () ucl ac uk> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all On 27/11/2012 16:04, C. L. Martinez wrote:Rules Engine: SF_SNORT_DETECTION_ENGINE Version 1.16 <Build 18> Rules Object: nntp Version 1.0 <Build 1> Rules Object: imap Version 1.0 <Build 1> According to this, shared objects are loaded ...Yes, looks like mine. If you run PP it should write your SO rules now and you can include it. No idea why the use of var didn't work - possibly someone from Sourcefire can explain. - --
Nop, It doesn't works using PP:
Checking latest MD5 for snortrules-snapshot-2931.tar.gz....
They Match
Done!
Prepping rules from snortrules-snapshot-2931.tar.gz for work....
Done!
Checking latest MD5 for emerging.rules.tar.gz....
They Match
Done!
Prepping rules from emerging.rules.tar.gz for work....
Done!
Reading rules...
Generating Stub Rules....
An error occurred: ERROR:
/data/config/etc/idpsnort01/rules/VRT-backdoor.rules(0) Unable to open
rules file "/data/config/etc/idpsnort01/rules/VRT-backdoor.rules": No
such file or directory.
An error occurred: Fatal Error, Quitting..
Done
Reading rules...
But using "snort -c /data/config/etc/idpsnort01/snort.conf
--dump-dynamic-rules=/data/config/etc/idpsnort01/so_rules", works ok,
now.
Somebody knows if it is possible to generate new sid-msg.map once stub
rules are created??
------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
INSIGHTS What's next for parallel hardware, programming and related areas?
Interviews and blogs by thought leaders keep you ahead of the curve.
http://goparallel.sourceforge.net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Unable to create stub so rules files, (continued)
- Re: Unable to create stub so rules files Peter Bates (Nov 27)
- Re: Unable to create stub so rules files Peter Bates (Nov 27)
- Re: Unable to create stub so rules files C. L. Martinez (Nov 27)
- Re: Unable to create stub so rules files Peter Bates (Nov 27)
- Re: Unable to create stub so rules files C. L. Martinez (Nov 27)
- Re: Unable to create stub so rules files Peter Bates (Nov 27)
- Re: Unable to create stub so rules files C. L. Martinez (Nov 27)
- Re: Unable to create stub so rules files Peter Bates (Nov 27)
- Re: Unable to create stub so rules files C. L. Martinez (Nov 27)
- Re: Unable to create stub so rules files Peter Bates (Nov 27)
- Re: Unable to create stub so rules files C. L. Martinez (Nov 27)
- Re: Unable to create stub so rules files Peter Bates (Nov 28)
- Re: Unable to create stub so rules files C. L. Martinez (Nov 28)