Snort mailing list archives
Re: pulledpork V0.7.0 not updating the ../rules/*.rules files
From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 8 Aug 2015 11:22:54 -0400
Pulled pork can either leave the original rule groups intact, or by default place all the rules (categorized) into one file.

You might try looking at this tutorial and it should give you an idea of how to set up Pulledpork on UNIX, even though it's written for Windows.

http://www.winsnort.com/tutorials/article/8-installing-automated-rule-management-using-pulledpork/

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com                    *
* ~~ FREE WinIDS Snort installation guides ~~           *
* ~~ FREE support forums ~~                             *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: Charlie [mailto:ForFun2000 () hotmail com]
Sent: Saturday, August 8, 2015 5:29 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] pulledpork V0.7.0 not updating the ../rules/*.rules files

Hi

When I run pulledpork, this is what happens:

Prepping rules from snortrules-snapshot-2975.tar.gz for work....
extracting contents of /tmp/snortrules-snapshot-2975.tar.gz...
Ignoring plaintext rules: deleted.rules
Extracted: /tha_rules/VRT-indicator-compromise.rules
Extracted: /tha_rules/VRT-file-executable.rules
...
Extracted: /tha_rules/VRT-server-iis.rules
Reading rules...
Reading rules...
Cleanup....
removed 170 temporary snort files or directories from /tmp/tha_rules!
Blacklist version is unchanged, not updating!
Setting Flowbit State....
Enabled 57 flowbits
Done
Writing /usr/local/snort/rules/snort.rules....
Done
Generating sid-msg.map....
Done
Writing v1 /usr/local/snort/etc/sid-msg.map....
Done
Writing /var/log/sid_changes.log....
Done
Rule Stats...
New:-------47
Deleted:---16
Enabled Rules:----26218
Dropped Rules:----0
Disabled Rules:---21141
Total Rules:------47359
No IP Blacklist Changes
Done
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

I can see that in the ../snort/rules directory, the snort.rules file has been updated BUT none of the smaller *.rules files like app-detect.rules, attack-responses.rules and so on are.

Is this correct, as I was expecting the snort.rules to be broken down into its many *.rules files?

If this is correct, should the snort.conf file have a:

include $RULE_PATH/snort.rules

rather than

include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
...

Thanks in advance

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
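An added example, not part of the original messages and not PulledPork or Snort code: a small Python check for the situation discussed in this thread, where PulledPork writes the merged snort.rules but snort.conf still includes per-category files that are no longer refreshed. The function name, the sample snort.conf text and the timestamps are constructed for illustration.

```python
import posixpath
import re

VAR_RE = re.compile(r"^\s*(?:var|portvar|ipvar)\s+(\w+)\s+(\S+)")
INC_RE = re.compile(r"^\s*include\s+(\S+\.rules)\b")

def audit_includes(conf_text, mtimes, merged="snort.rules"):
    """Classify the .rules includes of a snort.conf against the rules directory.

    mtimes maps file name -> modification time (epoch seconds) of the files in
    the rules directory; merged is the single file PulledPork wrote.
    """
    variables, included = {}, []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments and commented-out includes
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        m = INC_RE.match(line)
        if m:
            # Expand $RULE_PATH-style variables, then keep only the file name.
            path = re.sub(r"\$(\w+)",
                          lambda v: variables.get(v.group(1), v.group(0)),
                          m.group(1))
            included.append(posixpath.basename(path))
    merged_time = mtimes.get(merged)
    report = {"merged_included": merged in included, "missing": [], "stale": []}
    for name in included:
        if name == merged:
            continue
        if name not in mtimes:
            report["missing"].append(name)   # include points at no file
        elif merged_time is not None and mtimes[name] < merged_time:
            report["stale"].append(name)     # older than the merged file
    return report

# Constructed sample: category includes active, merged file commented out.
SAMPLE_CONF = """\
var RULE_PATH ../rules
include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
# include $RULE_PATH/snort.rules
"""
SAMPLE_MTIMES = {"snort.rules": 1439000000, "app-detect.rules": 1430000000}

if __name__ == "__main__":
    print(audit_includes(SAMPLE_CONF, SAMPLE_MTIMES))
```

A report with `merged_included` false and entries under `stale` or `missing` means the sensor is loading outdated category files while the freshly written merged file is never read.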
Current thread:
- pulledpork V0.7.0 not updating the ../rules/*.rules files Charlie (Aug 08)
- Re: pulledpork V0.7.0 not updating the ../rules/*.rules files James Lay (Aug 08)
- Re: pulledpork V0.7.0 not updating the ../rules/*.rules files Michael Steele (Aug 08)
- Re: pulledpork V0.7.0 not updating the ../rules/*.rules files Shirkdog (Aug 08)
