[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] test rule
From: "Al Lewis (allewi)" <allewi () cisco ! com>
Date: 2015-01-22 17:58:38
Message-ID: 789F50FCB3014340B798E7CD25851FBE04BDF083 () xmb-rcd-x10 ! cisco ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
It may be easier (cleaner) to put your rule in local.conf and include the local.conf \
file/path into your snort.conf
For example:
include "path to your rules file"/local.rules
Should be added to your snort.conf
Hope this helps.
Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi@cisco.com
From: zT [mailto:zzahra88@gmail.com]
Sent: Thursday, January 22, 2015 11:55 AM
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] test rule
i locate my rule file in preproc_rules folder and this path is in snort.conf is this \
enough to compile my rule?
On Thu, Jan 22, 2015 at 7:54 PM, zT <zzahra88@gmail.com<mailto:zzahra88@gmail.com>> \
wrote: hello all, how can test my own rules? could be my rule file placed in specific \
location? i search for this question in archive questions of snort like this links \
but i did not see any answer. \
http://sourceforge.net/p/snort/mailman/message/26948483/ \
http://sourceforge.net/p/snort/mailman/message/17158581/
thanks in advanced
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:Candara;
panose-1:2 14 5 2 3 3 3 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">It \
may be easier (cleaner) to put your rule in local.conf and include the local.conf \
file/path into your snort.conf<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">For \
example: <o:p></o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">include \
"path to your rules file"/local.rules<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Should \
be added to your snort.conf<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hope \
this helps.<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span \
style="font-family:"Candara","sans-serif";color:#1F497D">Albert \
Lewis<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-family:"Candara","sans-serif";color:#888888">QA \
Software Engineer<o:p></o:p></span></p> <p class="MsoNormal"><span \
style="font-family:"Georgia","serif";color:#999999">SOURCE</span><b><span \
style="font-family:"Georgia","serif";color:red">fire</span></b><span \
style="font-family:"Georgia","serif";color:#999999">, Inc. \
</span><span style="font-family:"Georgia","serif";color:#888888">now \
part of </span> <b><span \
style="font-family:"Georgia","serif";color:#31849B">Cisco</span></b><span \
style="font-family:"Georgia","serif";color:#888888"><o:p></o:p></span></p>
<p class="MsoNormal"><span \
style="font-family:"Candara","sans-serif";color:#999999">9780 \
Patuxent Woods Drive<br> Columbia, MD 21046 </span><span \
style="font-family:"Candara","sans-serif";color:#888888"><o:p></o:p></span></p>
<p class="MsoNormal"><span \
style="font-family:"Candara","sans-serif";color:#999999">Phone: \
(office) </span><span \
style="font-family:"Candara","sans-serif";color:#1F497D">443.430.7112<o:p></o:p></span></p>
<p class="MsoNormal"><span \
style="font-family:"Candara","sans-serif";color:#999999">Email: \
</span><span style="font-family:"Candara","sans-serif";color:#1F497D">allewi@cisco.com</span><span \
style="font-family:"Candara","sans-serif";color:#4F81BD"> </span><span \
style="font-family:"Candara","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span \
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span \
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span \
style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> zT \
[mailto:zzahra88@gmail.com] <br>
<b>Sent:</b> Thursday, January 22, 2015 11:55 AM<br>
<b>To:</b> snort-users@lists.sourceforge.net<br>
<b>Subject:</b> Re: [Snort-users] test rule<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">i locate my rule file in preproc_rules folder and this path \
is in snort.conf is this enough to compile my rule? <o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Thu, Jan 22, 2015 at 7:54 PM, zT <<a \
href="mailto:zzahra88@gmail.com" target="_blank">zzahra88@gmail.com</a>> \
wrote:<o:p></o:p></p> <div>
<p class="MsoNormal">hello all, how can test my own rules? could be my rule file \
placed in specific location?<o:p></o:p></p> <div>
<p class="MsoNormal">i search for this question in archive questions of snort like \
this links but i did not see any answer. <o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><a \
href="http://sourceforge.net/p/snort/mailman/message/26948483/" \
target="_blank">http://sourceforge.net/p/snort/mailman/message/26948483/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a \
href="http://sourceforge.net/p/snort/mailman/message/17158581/" \
target="_blank">http://sourceforge.net/p/snort/mailman/message/17158581/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">thanks in advanced<o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>
[Attachment #4 (--===============6698863175339170050==)]
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic