[Snort-devel] Compile so rules in C language
pmullen at ...402...
Thu Sep 12 09:22:24 EDT 2013
Hello again, Mayur!
Most of the answer to your question is in the blog post I pointed you
to in July, located here --
Once you've written the C the way you want it, to get it into snort is
fairly straightforward, assuming you've gotten your other Shared
Object rules to work.
1) make sure you follow the proper naming scheme for the file. I'll
say to just call it "misc_mayur.c" to make it easy but the full
description is in the blog post.
2) put the SO rule, misc_mayur.c, into the directory with your other
shared object rules
3) type `make` in the directory with the SO rule files
If things don't work from there, there are four things to check --
1) SNORT_VERSION in the Makefile in the SO rules directory needs to be
set for your version of snort
2) BASEDIR in the Makefile needs to point to your snort sources. I
*think* that you need to have compiled snort in that directory.
3) "dynamicdetection directory" in your snort.conf needs to point to
the directory where you have the compiled shared object rules (the
same directory as the shared objects source by default)
4) SO_RULE_PATH in your snort.conf needs to point to the directory
with your shared object stub rules (the same directory as the shared
object source by default)
On Wed, Sep 11, 2013 at 5:33 AM, Mayur Patil <ram.nath241089 at ...2499...> wrote:
> I have generated rules in C language of shared object.
> Is there any tutorial or blog post on
> how to compile C language source code to generate our own
> "shared object rules".
> I also followed this thread but not get sufficient insight/understanding
> Seeking for guidance,
> Thanks !!
Response Research Manager
More information about the Snort-devel