[Snort-users] Manually updating Snort "rules"

Joel Esler (jesler) jesler at cisco.com
Sun Sep 30 21:10:43 EDT 2018


You should use pulledpork to handle this for you.  You don't have to automate pulledpork if you don't wish, but it will handle all of the rule management for you.


> On Sep 28, 2018, at 5:46 PM, Leroy Tennison <leroy at datavoiceint.com> wrote:
> 
> I started out using the community version then became a registered (not subscription) user.  Downloaded snortrules-snapshot-29111.tar.gz and noticed that the structure was different.  I'm assuming that the files under the archive's etc directory go in /etc/snort (Ubuntu 16) and the files under the archive's rules directory go under /etc/snort/rules.  Beyond that I'm uncertain where the archive's preproc_rules and files under the so_rules tree go (I suspect so_rules/src isn't needed but I am curious about where so_rules/precompiled/Ubuntu-16-4/x86-64/2.9.11.1/*.so goes).  If there's something (a document/web page/etc) explaining this please point me to it.  Otherwise if you have an answer please reply.
> 
> I'm in a situation where using an automated tool isn't desirable.  Thanks for any and all help.
> 
> 
> Leroy Tennison
> Network Information/Cyber Security Specialist
> E: leroy at datavoiceint.com
> 2220 Bush Dr
> McKinney, Texas
> 75070
> www.datavoiceint.com