[Snort-users] need assistance - no so rules with pulled pork

Al Lewis (allewi) allewi at ...589...
Thu Mar 5 07:12:46 EST 2015


For .so rules: http://vrt-blog.snort.org/2009/01/using-vrt-certified-shared-object-rules.html

To run snort in IDS mode you need to add “-c” and point to a conf file so it can load the preprocessors:

http://manual.snort.org/node6.html



Hope this helps.


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: Rata Pelua [mailto:intesnetmiosolo at ...11827...]
Sent: Wednesday, March 04, 2015 6:49 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] need assistance - no so rules with pulled pork


Hi Everybody,


I'm having different issues when I have tried to configure pulledpork in my raspberry pi (Raspbian) ,
Firstly , it didn't generate the snort.rules , but I tried several times, tried to check the pulledpork.conf
rename the path file, and after it, It successfully generated the snort.rules but not the .so rules ...

please, Is there anybody that it can help me?

Also, I would like to activate the predecessor for port scan, I have tried to include a code in the snort.conf file (since 426-447) but when I ran snort -b

I got a warning:

WARNING: No preprocessors configured for policy 0.



Attached there are my pulledpork.conf and snort.conf files, and output in -verbose mode .

Thank you in advance,
Atai


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150305/937afeb4/attachment.html>


More information about the Snort-users mailing list