Snort mailing list archives
pulledpork V0.7.0 not updating the ../rules/*.rules files
From: Charlie <ForFun2000 () hotmail com>
Date: Sat, 8 Aug 2015 10:29:01 +0100
Hi,

When I run pulledpork, this is what happens:

Prepping rules from snortrules-snapshot-2975.tar.gz for work....
extracting contents of /tmp/snortrules-snapshot-2975.tar.gz...
Ignoring plaintext rules: deleted.rules
Extracted: /tha_rules/VRT-indicator-compromise.rules
Extracted: /tha_rules/VRT-file-executable.rules
...
Extracted: /tha_rules/VRT-server-iis.rules
Reading rules...
Reading rules...
Cleanup....
removed 170 temporary snort files or directories from /tmp/tha_rules!
Blacklist version is unchanged, not updating!
Setting Flowbit State....
Enabled 57 flowbits
Done
Writing /usr/local/snort/rules/snort.rules....
Done
Generating sid-msg.map....
Done
Writing v1 /usr/local/snort/etc/sid-msg.map....
Done
Writing /var/log/sid_changes.log....
Done
Rule Stats...
New:-------47
Deleted:---16
Enabled Rules:----26218
Dropped Rules:----0
Disabled Rules:---21141
Total Rules:------47359
No IP Blacklist Changes
Done
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

I can see that in the ../snort/rules directory, the snort.rules file has been updated BUT none of the smaller *.rules files like app-detect.rules, attack-responses.rules and so on are.

Is this correct? I was expecting the snort.rules to be broken down into its many *.rules files.

If this is correct, should the snort.conf file have a:

include $RULE_PATH/snort.rules

rather than

include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
...

Thanks in advance
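Snort loads only the rule files named on include lines in snort.conf, and the run quoted above reports writing only /usr/local/snort/rules/snort.rules. The script below is an added example, not part of the original post and not PulledPork's own code: it lists the rule files a snort.conf actually loads and reports whether the combined file is among them. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: which rule files does a snort.conf actually load?

# included_rules CONF: print the file of every active
# "include $RULE_PATH/<file>" line; commented-out lines are skipped.
included_rules() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\$RULE_PATH\/\([^[:space:]#]*\).*/\1/p' "$1"
}

# check_conf CONF COMBINED: return 0 if COMBINED is included, 1 if not.
# Every other included rule file is reported, because a run that writes
# only COMBINED leaves those files as they were.
check_conf() {
    found=1
    for f in $(included_rules "$1"); do
        if [ "$f" = "$2" ]; then found=0
        else echo "included but not the combined file: $f"
        fi
    done
    return $found
}

# Constructed sample configs (not taken from the poster's system).
sample_per_category() {
    cat <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/app-detect.rules
  include $RULE_PATH/attack-responses.rules   # trailing comment
# include $RULE_PATH/snort.rules
EOF
}
sample_combined() {
    cat <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/snort.rules
EOF
}

tmp=$(mktemp)
for sample in sample_per_category sample_combined; do
    $sample > "$tmp"
    if check_conf "$tmp" snort.rules; then
        echo "$sample: snort.rules is loaded"
    else
        echo "$sample: snort.rules is NOT loaded"
    fi
done
rm -f "$tmp"
```

To check a real sensor, call check_conf with the path to its snort.conf and the file name PulledPork reports writing.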
Current thread:
- pulledpork V0.7.0 not updating the ../rules/*.rules files Charlie (Aug 08)
- Re: pulledpork V0.7.0 not updating the ../rules/*.rules files James Lay (Aug 08)
- Re: pulledpork V0.7.0 not updating the ../rules/*.rules files Michael Steele (Aug 08)
- Re: pulledpork V0.7.0 not updating the ../rules/*.rules files Shirkdog (Aug 08)