Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: need assistance - no so rules with pulled pork

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Thu, 5 Mar 2015 12:12:46 +0000
For .so rules: http://vrt-blog.snort.org/2009/01/using-vrt-certified-shared-object-rules.html

To run snort in IDS mode you need to add ā€œ-cā€ and point to a conf file so it can load the preprocessors:

http://manual.snort.org/node6.html



Hope this helps.


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Rata Pelua [mailto:intesnetmiosolo () gmail com]
Sent: Wednesday, March 04, 2015 6:49 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] need assistance - no so rules with pulled pork


Hi Everybody,


I'm having different issues when I have tried to configure pulledpork in my raspberry pi (Raspbian) ,
Firstly , it didn't generate the snort.rules , but I tried several times, tried to check the pulledpork.conf
rename the path file, and after it, It successfully generated the snort.rules but not the .so rules ...

please, Is there anybody that it can help me?

Also, I would like to activate the predecessor for port scan, I have tried to include a code in the snort.conf file 
(since 426-447) but when I ran snort -b

I got a warning:

WARNING: No preprocessors configured for policy 0.



Attached there are my pulledpork.conf and snort.conf files, and output in -verbose mode .

Thank you in advance,
Atai



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: