Snort mailing list archives

Fwd: pulledpork does not generate so rules


From: xinland66 () gmail com
Date: Thu, 10 Sep 2015 22:40:20 -0400




I have installed snort 2.9.7.5 and pulled pork 0.7.0.
The folder /usr/local/lib/snort_dynamicrules is missing. I had to manually create the folder. Below is the error message from Pulledpork. I did not see any so rules and the folder snort_dynamicrules is empty.

Questions
- Should I manually create the snort_dynamicrules folder, or did I do something wrong in the installation?
- The conf file says "##### Deprecated - The stubs are now  categorically written to the  single rule file!
 sostub_path=/etc/snort/rules/so_rules.rules". Should I uncomment this if I use the -k option when running pulledpork?

Error message
Generating Stub Rules....
Generating shared object stubs via:/usr/local/bin/snort -c /etc/snort/snort.conf --dump-dynamic-rules=/tmp/tha_rules/so_rules/
An error occurred: WARNING: No dynamic libraries found in directory /usr/local/lib/snort_dynamicrules.

An error occurred: WARNING: ip4 normalizations disabled because not inline.

An error occurred: WARNING: tcp normalizations disabled because not inline.

An error occurred: WARNING: icmp4 normalizations disabled because not inline.

An error occurred: WARNING: ip6 normalizations disabled because not inline.

An error occurred: WARNING: icmp6 normalizations disabled because not inline.

Dumping dynamic rules...
 Finished dumping dynamic rules.
Done 


Below is the pulledpork conf file

ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/etc/snort/rules/snort.rules
 out_path=/etc/snort/rules/
local_rules=/etc/snort/rules/local.rules
sid_msg=/etc/snort/sid-msg.map
sid_msg_version=1
sid_changelog=/var/log/sid_changes.log
sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/local/bin/snort
config_path=/etc/snort/snort.conf
 sostub_path=/etc/snort/rules/so_rules.rules
distro=Centos-6-7
snort_control=/usr/local/bin/snort_control
 pid_path=/var/run/snort
 enablesid=/etc/snort/enablesid.conf
 dropsid=/etc/snort/dropsid.conf
 disablesid=/etc/snort/disablesid.conf
 modifysid=/etc/snort/modifysid.conf
version=0.7.0


Thanks,
KL