[Snort-users] Upgrade to 2.9.7.0 results in Pulledpork not generating stub rules

Y M snort at ...15979...
Tue Nov 11 15:52:16 EST 2014


> To: snort at ...15979...
> Subject: RE: [Snort-users] Upgrade to 2.9.7.0 results in Pulledpork not  generating stub rules
> Date: Tue, 11 Nov 2014 13:46:41 -0700
> From: jlay at ...13475...
> CC: snort-users at lists.sourceforge.net
> 
> On 2014-11-11 13:43, Y M wrote:
> >> To: snort-users at lists.sourceforge.net
> >> Date: Tue, 11 Nov 2014 13:37:26 -0700
> >> From: jlay at ...13475...
> >> Subject: Re: [Snort-users] Upgrade to 2.9.7.0 results in Pulledpork
> > not generating stub rules
> >>
> >> On 2014-11-11 13:33, Joel Esler (jesler) wrote:
> >> > Looks like you are trying to use 2962 rules with 2970 or
> > something.
> >> >
> >> > --
> >> > JOEL ESLER Sent from my iPhone
> >> >
> >> > On Nov 11, 2014, at 3:12 PM, James Lay <jlay at ...13475...
> >> > [6]>
> >> > wrote:
> >> >
> >> >> Topic says it:
> >> >>
> >> >> Generating Stub Rules....
> >> >> An error occurred: WARNING: No dynamic libraries found in
> >> >> directory /usr/local/lib/snort_dynamicrules.
> >> >>
> >> >> Indeed after clearing out snort_dynamicrules after:
> >> >>
> >> >> An error occurred: ERROR: The dynamic detection library
> >> >> "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0
> >> >> compiled
> >> >> with dynamic engine library version 2.1 isn't compatible with the
> >> >> current dynamic engine library
> >> >> "/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.4.
> >> >>
> >> >> I'm using VRT ruleset...has something changes since 2.9.6.2?
> > Thank
> >> >> you.
> >> >>
> >> >> James
> >> >>
> >>
> >> Maybe I need to blow out the rules....my pp run shows:
> >>
> >> Checking latest MD5 for snortrules-snapshot-2970.tar.gz....
> >> Rules tarball download of snortrules-snapshot-2970.tar.gz....
> >>
> >> So not sure at this point...I'll try nuking the rules..thanks for
> >> looking Joel.
> >>
> >> James
> >
> > Try manually deleting the old .so rules and then copy the new ones.
> > Thats what I did on the dev box and it was a smooth upgrade.
> >
> > YM
> 
> Thanks YM..can you refresh my memory on how to create the so rules 
> manually?  Been using PP too long I guess :)  Thanks again.
> 
> James

They should be included in the rules tarball itself:
cp so_rules/precompiled/<distro>/<archi>/2.9.7.0/* /snort/path/lib/snort_dynamicrules/
or if your want to just generate the stub files:
/usr/local/bin/snort -c /usr/local/etc/snort.conf --dump-dynamic-rules=/tmp
YM 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141111/932c3f53/attachment.html>


More information about the Snort-users mailing list