Snort mailing list archives

Re: Difference between Dynamic library rules vs regular rules in snort.conf?

From: Joel Esler <jesler () sourcefire com>
Date: Wed, 21 Jul 2010 20:45:34 -0400

P.s.

I suggest using pulledpork to manage the rules, as it makes using the SO object rules much easier. 

--
Sent from my iPad

On Jul 21, 2010, at 8:07 PM, "Chan, Wilson" <wchan () honolulu gov> wrote:

What’s the difference from the regular rules vs the so_rules? Can you enable both? Thanks!

 

include RULE_PATH/bad-traffic.rules

include RULE_PATH/chat.rules

include RULE_PATH/dos.rules

include RULE_PATH/exploit.rules

include RULE_PATH/imap.rules

include RULE_PATH/misc.rules

include RULE_PATH/multimedia.rules

include RULE_PATH/netbios.rules

include RULE_PATH/nntp.rules

include RULE_PATH/p2p.rules

include RULE_PATH/smtp.rules

include RULE_PATH/sql.rules

include RULE_PATH/web-activex.rules

include RULE_PATH/web-client.rules

include RULE_PATH/web-misc.rules

 

# dynamic library rules

# include $SO_RULE_PATH/bad-traffic.rules

# include $SO_RULE_PATH/chat.rules

# include $SO_RULE_PATH/dos.rules

# include $SO_RULE_PATH/exploit.rules

# include $SO_RULE_PATH/imap.rules

# include $SO_RULE_PATH/misc.rules

# include $SO_RULE_PATH/multimedia.rules

# include $SO_RULE_PATH/netbios.rules

# include $SO_RULE_PATH/nntp.rules

# include $SO_RULE_PATH/p2p.rules

# include $SO_RULE_PATH/smtp.rules

# include $SO_RULE_PATH/sql.rules

# include $SO_RULE_PATH/web-activex.rules

# include $SO_RULE_PATH/web-client.rules

# include $SO_RULE_PATH/web-misc.rules

 

Wilson Chan

 

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Difference between Dynamic library rules vs regular rules in snort.conf? Chan, Wilson (Jul 21)
- Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 21)
- Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 21)
- Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jefferson, Shawn (Jul 22)
  - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Crook, Parker (Jul 22)
  - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jason Wallace (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Alan Ptak (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jason Wallace (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Jason Wallace (Jul 22)
    - Re: Difference between Dynamic library rules vs regular rules in snort.conf? Joel Esler (Jul 22)