[Snort-users] [snort-user] Confused about so_rules
ram.nath241089 at ...11827...
Wed Sep 4 05:25:03 EDT 2013
If rule files are already present in the directory /etc/snort/so_rules,
why do we need to create them again?
3. Dump the stub rules by issuing the command:
snort -c /etc/snort/snort.conf --dump-dynamic-rules=/etc/snort/so_rules
4. Use a variable to define the path to the stub rules, for example:
var $SO_RULE_PATH /etc/snort/so_rules
My questions are:
*1. What is meant by "dump the stub rules"?*
I have tried to compile from source in the /so_rules/src directory by giving
the command, but it is giving an error.
*2. How do I compile rules directly from the so_rules C files? And is it
necessary to create text rules for so_rules even though we have C language rules?*
I have referred to these links
*3. I am not getting how to compile my own so_rules in C language and use them.*
I am getting this error:
snort: Encoded Rule Plugin SID: 17132, GID: 3 not registered
properly. Disabling this rule.
where I have included the rule in the snort file.
I have referred to these links:
It's very confusing.
Please guide me,