[Snort-users] Snort not loading dynamic rules?

Andy Berryman aberryman at ...14765...
Wed Feb 10 17:01:42 EST 2010


Commented out the so.rules and it worked for that.

Feb 10 21:25:44 (none) snort[28150]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Feb 10 21:25:44 (none) snort[28150]: Initializing rule chains...
Feb 10 21:26:00 (none) snort[28150]: 5660 Snort rules read
Feb 10 21:26:00 (none) snort[28150]:     5418 detection rules
Feb 10 21:26:00 (none) snort[28150]:     65 decoder rules
Feb 10 21:26:00 (none) snort[28150]:     177 preprocessor rules
Feb 10 21:26:00 (none) snort[28150]: 5660 Option Chains linked into 595 Chain Headers
Feb 10 21:26:00 (none) snort[28150]: 0 Dynamic rules
Feb 10 21:26:00 (none) snort[28150]: +++++++++++++++++++

Commented back in:

Feb 10 21:25:44 (none) snort[28150]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Feb 10 21:25:44 (none) snort[28150]: Initializing rule chains...
Feb 10 21:26:00 (none) snort[28150]: 5660 Snort rules read
Feb 10 21:26:00 (none) snort[28150]:     5418 detection rules
Feb 10 21:26:00 (none) snort[28150]:     65 decoder rules
Feb 10 21:26:00 (none) snort[28150]:     177 preprocessor rules
Feb 10 21:26:00 (none) snort[28150]: 5660 Option Chains linked into 595 Chain Headers
Feb 10 21:26:00 (none) snort[28150]: 0 Dynamic rules
Feb 10 21:26:00 (none) snort[28150]: +++++++++++++++++++

So, what you're getting at is the Dynamic rules will always show zero.
Is there a real way to tell if they were loaded? Or is that what
commenting out the stub rules (so_rules) does?

 

Andy 

 

From: Joel Esler [mailto:jesler at ...1935...] 
Sent: Wednesday, February 10, 2010 3:19 PM
To: Andy Berryman
Cc: snort-users at lists.sourceforge.net List
Subject: Re: [Snort-users] Snort not loading dynamic rules?

 

Andy,

 

Just talked to someone in dev.  The "Dynamic Rules" are the
'activate/dynamic' kind.  Which are not the Shared Object kind.  

 

But to your below point, comment out the stub rules in your snort.conf.
The lines you have that use "SORULE_PATH"

 

J
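
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small Python classifier that separates activate/dynamic rules (the kind the reply says the "Dynamic rules" line refers to) from Shared Object stub rules in rule text. The sample rules and the name `classify_rules` are constructed here, and recognising stubs by `gid:3` is an assumption not stated in the thread.

```python
import re

# Constructed sample rule lines (not taken from the thread).
SAMPLE_RULES = """\
# ordinary text rule
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed text rule"; content:"test"; sid:1000001; rev:1;)
# activate/dynamic pair
activate tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"constructed activate rule"; content:"test"; activates:1; sid:1000002; rev:1;)
dynamic tcp $EXTERNAL_NET any -> $HOME_NET 143 (activated_by:1; count:50; sid:1000003; rev:1;)
# Shared Object stub rule (assumption: stubs carry gid:3)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"constructed SO stub"; sid:1000004; gid:3; rev:1;)
# alert tcp any any -> any any (msg:"commented out, ignored"; sid:1000005;)
"""

RULE_ACTIONS = {"alert", "log", "pass", "activate", "dynamic",
                "drop", "reject", "sdrop"}
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")


def classify_rules(text):
    """Count rules by kind. Handles one rule per line only; rules
    continued with a trailing backslash are not joined."""
    counts = {"text": 0, "activate": 0, "dynamic": 0, "so_stub": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        action = line.split(None, 1)[0]
        if action not in RULE_ACTIONS:
            continue  # include/var/config lines are not rules
        gid = GID_RE.search(line)
        if gid and gid.group(1) == "3":
            counts["so_stub"] += 1      # Shared Object stub
        elif action in ("activate", "dynamic"):
            counts[action] += 1         # activate/dynamic kind
        else:
            counts["text"] += 1         # ordinary text rule
    return counts


if __name__ == "__main__":
    for kind, n in classify_rules(SAMPLE_RULES).items():
        print(f"{kind:9s} {n}")
```

A rule set with stub rules but no `dynamic` rules yields a non-zero `so_stub` count and a `dynamic` count of 0, which matches the reply's point that the two are unrelated.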

 

