[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

Nigel Houghton nhoughton at ...435...
Thu Apr 9 09:30:53 EDT 2009


On Thu, Apr 9, 2009 at 4:50 AM, Zultan <zultan at ...1298...> wrote:
> Updated to 2.8.4 today and these rules were not in the latest subscription rule-set for 2.8.
>
> They're in the precompiled .so binaries, but not in the ASCII .rules so_rules files.
>
> DynamicPlugin: Rule [3:15433] not enabled in configuration, rule will not be used.
> DynamicPlugin: Rule [3:15449] not enabled in configuration, rule will not be used.
> DynamicPlugin: Rule [3:15450] not enabled in configuration, rule will not be used
> DynamicPlugin: Rule [3:15451] not enabled in configuration, rule will not be used.
> DynamicPlugin: Rule [3:15452] not enabled in configuration, rule will not be used.
>
> Regards,
>
> Z

http://vrt-sourcefire.blogspot.com/2009/01/using-vrt-certified-shared-object-rules.html


"Dumping the rules

To dump the rule stub files into the required location the
--dump-dynamic-rules option is used like so:

snort -c /usr/local/etc/snort/snort.conf --dump-dynamic-rules=/usr/local/etc/snort/so_rules

This command tells snort to use the snort.conf file where it will find
the dynamic rule files (thanks to the configuration options above) and
then use those files to generate the stub files and put them into
/usr/local/etc/snort/so_rules/

After this is complete, the rule files appear in the directory."

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
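
A check that fits the procedure quoted above, as an added example (not from the original message or the VRT blog post): it extracts the GID 3 SIDs from the DynamicPlugin warnings and reports whether each has an active, commented-out or missing stub rule in the dump directory. The function names, temporary paths and stub rule text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each shared-object rule that Snort reports as
# "not enabled in configuration" by the state of its stub rule on disk.

# Print the SIDs named in DynamicPlugin warnings of a startup log, one per line.
warned_sids() {
    sed -n 's/.*DynamicPlugin: Rule \[3:\([0-9][0-9]*\)\] not enabled in configuration.*/\1/p' "$1" | sort -un
}

# stub_state SID DIR -> active | commented | missing
#   active    : an uncommented gid:3 stub exists (then check that snort.conf
#               includes the .rules file that holds it)
#   commented : the stub exists but is disabled with a leading '#'
#   missing   : no stub at all, so --dump-dynamic-rules has to be run
stub_state() {
    sid=$1; dir=$2
    pat="sid:[[:space:]]*$sid;"
    gid='gid:[[:space:]]*3;'
    if cat "$dir"/*.rules 2>/dev/null | grep -E "^[[:space:]]*[^#[:space:]].*$pat" | grep -Eq "$gid"; then
        echo active
    elif cat "$dir"/*.rules 2>/dev/null | grep -E "^[[:space:]]*#.*$pat" | grep -Eq "$gid"; then
        echo commented
    else
        echo missing
    fi
}

# check_stubs LOG DIR: one "3:SID state" line per warned rule.
check_stubs() {
    for s in $(warned_sids "$1"); do
        echo "3:$s $(stub_state "$s" "$2")"
    done
}

# Constructed sample data: three warnings in the format shown in the thread
# and a constructed stub file (not real VRT rule text).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/so_rules"
cat > "$demo/snort.log" <<'EOF'
DynamicPlugin: Rule [3:15433] not enabled in configuration, rule will not be used.
DynamicPlugin: Rule [3:15449] not enabled in configuration, rule will not be used.
DynamicPlugin: Rule [3:15450] not enabled in configuration, rule will not be used
EOF
cat > "$demo/so_rules/constructed.rules" <<'EOF'
alert tcp any any -> any any (msg:"constructed stub"; sid:15433; gid:3; rev:1; metadata: engine shared, soid 3|15433;)
# alert tcp any any -> any any (msg:"constructed stub"; sid:15449; gid:3; rev:1; metadata: engine shared, soid 3|15449;)
EOF
check_stubs "$demo/snort.log" "$demo/so_rules"
```

On a real sensor, pass the saved Snort startup output and the `so_rules` directory to `check_stubs` in place of the constructed files.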



