Snort mailing list archives

Re: so rules


From: JJ Cummings <cummingsj () gmail com>
Date: Wed, 17 Jun 2009 11:18:48 -0600

John, you can certainly do this but be aware that it will not contain all of
the SO_RULES unless you dump them using the method that you have been using.

You can also use pulledpork @ http://code.google.com/p/pulledpork to
automatically generate the stubs while also extracting the rules files and
placing them where you want. In short, complete rule management that
includes generation of your so stubs.

If you want to know what is there and what is not, diff the generated stubs
dir vs the prebuilt stubs dir.

JJC

On Wed, Jun 17, 2009 at 9:54 AM, John York <YorkJ () brcc edu> wrote:

Hi

I followed the procedure in
snortrules-snapshot-CURRENT_s/so_rules/src/README to set up my so rules,
and everything appears to work fine.

It has me generate the stub files using

    snort -c /usr/local/etc/snort/snort.conf \
        --dump-dynamic-rules=/usr/local/etc/snort/so_rules

However, I notice that snortrules-snapshot-CURRENT_s/so_rules already
contains a set of stub rules that look pretty similar to what I
generated.  Is there any reason I can't just dump the stub rules from
the tarball directly into my so_rules directory instead of generating
new ones?

Thanks
John



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
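
The suggestion above to diff the generated stubs directory against the prebuilt one, as an added example that is not part of the original thread: it compares the two directories by SID, so differences in formatting, revision or file naming do not hide a stub that is missing from one side. The function names, directory layout and SIDs are constructed for illustration, and it assumes each stub rule sits on one line with a `sid:<number>;` option.

```shell
#!/bin/sh
# Added example: compare two SO-rule stub directories by SID, not by raw text.
# Assumes each stub rule is one line carrying a "sid:<number>;" option.

# Print the unique SIDs found in *.rules files under directory $1.
# Commented-out (disabled) stubs are counted as present.
stub_sids() {
    cat "$1"/*.rules 2>/dev/null |
        sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' |
        LC_ALL=C sort -u
}

# Print SIDs that exist in directory $1 but not in directory $2.
sids_only_in() {
    left=$(mktemp) right=$(mktemp)
    stub_sids "$1" > "$left"
    stub_sids "$2" > "$right"
    LC_ALL=C comm -23 "$left" "$right"
    rm -f "$left" "$right"
}

# Build constructed sample directories under $1 (SIDs and messages are made up).
make_sample() {
    mkdir -p "$1/generated" "$1/prebuilt"
    cat > "$1/generated/sample.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed stub A"; sid:9000001; gid:3; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed stub B"; sid:9000002; gid:3; rev:2;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed stub C"; sid:9000003; gid:3; rev:1;)
EOF
    cat > "$1/prebuilt/sample.rules" <<'EOF'
# alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed stub A"; sid:9000001; gid:3; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed stub B"; sid:9000002; gid:3; rev:1;)
EOF
}

# Demo run on the constructed sample; point the two arguments at real
# directories (e.g. the dump target and the tarball's so_rules) instead.
demo=$(mktemp -d)
make_sample "$demo"
echo "SIDs generated locally but missing from the prebuilt stubs:"
sids_only_in "$demo/generated" "$demo/prebuilt"
rm -rf "$demo"
```

Swapping the two arguments lists stubs that ship in the tarball but that the local Snort build did not dump.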
