[Snort-sigs] I'm getting close, I smell more bacon

Joel Esler jesler at ...435...
Fri Sep 14 11:10:18 EDT 2012


JJ, can you help out here?

On Sep 14, 2012, at 3:34 AM, PR <oly562 at ...2420...> wrote:

> OK, I commented out ET rules. Bah, I will deal with that later.
> 
> 
> 1. I ran
> 
> ./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort
> -C /etc/snort.conf -i /etc/snort/disablesid.conf
> -b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf
> -M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf
> -c /etc/snort/pulledpork.conf -o /etc/snort/rules/
> 
> 
> 2. I got:
> 
> Use of uninitialized value $arch in regexp compilation
> at ./pulledpork.pl line 271.
> 	Done!
> Reading rules...
> Generating Stub Rules....
> Something failed in the gen_stubs sub, please verify your shared object
> config!
> 	Done
> Reading rules...
> Reading rules...
> Processing /etc/snort/enablesid.conf....
> 	Modified 0 rules
> 	Done
> Processing /etc/snort/dropsid.conf....
> 	Modified 0 rules
> 	Done
> Processing /etc/snort/disablesid.conf....
> 	Modified 0 rules
> 	Done
> Modifying Sids....
> 	Done!
> Setting Flowbit State....
> 	Enabled 11 flowbits
> 	Enabled 1 flowbits
> 	Done
> Writing /etc/snort/rules....
> Unable to write /etc/snort/rules - Is a directory
> at ./pulledpork.pl line 1083.
> 	main::rule_write('HASH(0x8f682ac)', '/etc/snort/rules', 1, undef)
> called at ./pulledpork.pl line 1870
> 
> 
> 3. Also, do I need to define all that stuff in cmdline? Couldn't I just
> uncomment the /etc/snort/disablesid.confs in pulledpork.conf? Just
> wondering.
> 
> 
> Thanks!!! Any input is really appreciated. I'm learning more and more
> every day. Pretty soon I will be asking about rule creation lol
> 
> 
> 




