[Snort-users] Pulledpork not generating merged rules file on Windows

waldo kitty wkitty42 at ...14940...
Mon Jul 22 15:56:27 EDT 2013


On 7/22/2013 15:34, William Rehnquyst wrote:
[trim]
> Config File Variable Debug c:\winids\pulledpork\etc\pulledpork.conf
> local_rules = c:\winids\snort\rules\local.rules
> dropsid = c:\winids\pulledpork\etc\dropsid.conf
> sid_msg_version = 1
> enablesid = c:\winids\pulledpork\etc\enablesid.conf
> ignore = deleted.rules,experimental.rules,local.rules
> modifysid = c:\winids\pulledpork\etc\modifysid.conf
> docs = c:\winids\inetpub\wwwroot\base\signatures\
> config_path = c:\winids\snort\etc\snort.conf
> disablesid = c:\winids\pulledpork\etc\disablesid.conf
> sorule_path = /usr/local/lib/snort_dynamicrules/
> sid_msg = c:\winids\snort\etc\sid-msg.map
> sid_changelog = c:\winids\snort\log\sid_changes.log
> snort_version = 2.9.4.6
> version = 0.7.0
> temp_path = c:\winids\pulledpork\temp
> rule_url = ARRAY(0x2808a5c)
> ips_policy = security
> rule_path = c:\winids\snort\rules\winids.rules
> distro = FreeBSD-8.1

you are on windows but this says differently... perhaps it is the cause? PP may 
be looking for something from that OS that doesn't exist or is named differently 
in winwhatever ;)

> snort_path = c:\winids\snort\bin\snort.exe
> MISC (CLI and Autovar) Variable Debug:
> Config Path is: c:\winids\pulledpork\etc\pulledpork.conf
> Distro Def is: FreeBSD-8.1

and here it shows again...

> Docs Reference Location is: c:\winids\inetpub\wwwroot\base\signatures\
> security policy specified
> local.rules path is: c:\winids\snort\rules\local.rules
> No Download Flag is Set
> Rules file is: c:\winids\snort\rules\winids.rules
> Path to disablesid file: c:\winids\pulledpork\etc\disablesid.conf
> Path to dropsid file: c:\winids\pulledpork\etc\dropsid.conf
> Path to enablesid file: c:\winids\pulledpork\etc\enablesid.conf
> Path to modifysid file: c:\winids\pulledpork\etc\modifysid.conf
[chomp]



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
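
The platform mismatch pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original message and not PulledPork code: it parses `key = value` lines from a debug dump like the quoted one and reports values that do not fit the platform most of the paths point to. The function names and the "distro value should contain `win`" heuristic are assumptions made for illustration, not a statement of which `distro` values PulledPork accepts.

```python
import re

# Constructed sample: a few lines taken from the debug dump quoted in the message.
SAMPLE_DEBUG = r"""
> local_rules = c:\winids\snort\rules\local.rules
> ignore = deleted.rules,experimental.rules,local.rules
> sorule_path = /usr/local/lib/snort_dynamicrules/
> snort_version = 2.9.4.6
> rule_url = ARRAY(0x2808a5c)
> rule_path = c:\winids\snort\rules\winids.rules
> distro = FreeBSD-8.1
> snort_path = c:\winids\snort\bin\snort.exe
"""

WIN_PATH = re.compile(r"^[A-Za-z]:[\\/]")   # drive-letter path, e.g. c:\winids
POSIX_PATH = re.compile(r"^/[^/]")          # absolute POSIX path, e.g. /usr/local

def parse_debug(text):
    """Return {key: value} for every 'key = value' line, quoted with '>' or not."""
    pairs = {}
    for line in text.splitlines():
        line = line.lstrip("> ").strip()
        key, sep, value = line.partition(" = ")
        if sep and re.fullmatch(r"\w+", key):
            pairs[key] = value.strip()
    return pairs

def platform_mismatches(pairs):
    """List (key, value, reason) for settings that disagree with the majority path style."""
    win = [k for k, v in pairs.items() if WIN_PATH.match(v)]
    posix = [k for k, v in pairs.items() if POSIX_PATH.match(v)]
    findings = []
    if win and posix:
        minority = posix if len(win) >= len(posix) else win
        for key in sorted(minority):
            findings.append((key, pairs[key], "path style differs from the other paths"))
    distro = pairs.get("distro")
    # Heuristic (assumption): on a Windows-path config, a distro value without
    # "win" in it is worth a second look.
    if distro and len(win) > len(posix) and "win" not in distro.lower():
        findings.append(("distro", distro, "names a non-Windows platform"))
    return findings

if __name__ == "__main__":
    for key, value, reason in platform_mismatches(parse_debug(SAMPLE_DEBUG)):
        print(f"{key} = {value}  <- {reason}")
```

A finding here only marks a setting to review; it does not establish that the setting is what stops the merged rules file from being written.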



