[Snort-users] Unable to use dynamicrules on CentOS 6.4 x86_64
wkitty42 at ...14940...
Fri Jul 5 18:03:13 EDT 2013
On 7/5/2013 09:20, Jaspal wrote:
> On Friday 05 July 2013 05:47 PM, waldo kitty wrote:
>> On 7/5/2013 05:47, Jaspal wrote:
>>> I am trying to use the dynamic rules present in snort-rules-snapshot-2495 with
>>> snort-2.9.5 on a CentOS 6.4 x86_64 Amazon EC2 VM.
>> is this "snort-2.9.5" a typo? if not, then that's part of your problem... in
>> many cases you cannot mix rules for one version of snort with a different
>> version of snort... the dynamic rules are definitely an example of this...
> Thanks for the response.
> It's not a typo. That's the latest tar on the site and I could not find
> sources of older versions. ( Why not a give a link ? )
i do not know what they do not keep links to the source of other currently
supported versions of snort... someone from snort or VRT will have to answer
i decided to look a bit deeper into compiling one's own so_rules files... i
don't know if what i have done is right or complete but the so rules did get
compiled, snort has accepted them and snort has created the stub files from its
--dump-dynamic-rules option... i've posted a query to this list about that in
when it comes to compiling the so dynamic shared rules, it should be no
different than compiling snort, itself... they are, after all, just C code
dynamic libraries... the key is to use the proper dynamic engine library to
compile/link them with... that library code should come with snort since it has
to use it, too... with that in mind, you've got your snort 2.9.5 code, compiled
it and it works... now you have a rule set and you should be able to compile the
so dynamic shared rules by pointing them to the snort source library so they can
pick up at least that needed dynamic engine file... i have done this and only
made one change to the so_rules/src/Makefile... i'm working on a document about
on this as well... when i've some answers to some questions i hope to complete
this document and my testing so that i can share it with others...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users