[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] Manually updating Snort "rules"
From: "Gallo, Frank C. (Student)" <fgallo001 () my ! wilmu ! edu>
Date: 2018-09-28 21:56:11
Message-ID: SN6PR04MB454390697F49AD668B222725CEEC0 () SN6PR04MB4543 ! namprd04 ! prod ! outlook ! com
[Download RAW message or body]
no
________________________________
From: Snort-users <snort-users-bounces@lists.snort.org> on behalf of Leroy =
Tennison <leroy@datavoiceint.com>
Sent: Friday, September 28, 2018 5:46:22 PM
To: Snort-users@lists.snort.org
Subject: [Snort-users] Manually updating Snort "rules"
I started out using the community version then became a registered (not sub=
scription) user. Downloaded snortrules-snapshot-29111.tar.gz and noticed t=
hat the structure was different. I'm assuming that the files under the arc=
hive's etc directory go in /etc/snort (Ubuntu 16) and the files under the a=
rchive's rules directory go under /etc/snort/rules. Beyond that I'm uncert=
ain where the archive's preproc_rules and files under the so_rules tree go =
(I suspect so_rules/src isn't needed but I am curious about where so_rules/=
precompiled/Ubuntu-16-4/x86-64/2.9.11.1/*.so goes). If there's something (=
a document/web page/etc) explaining this please point me to it. Otherwise =
if you have an answer please reply.
I'm in a situation where using an automated tool isn't desirable. Thanks f=
or any and all help.
Join us
at the 2018 Momentum User Conference!
Register
here
Leroy Tennison
Network Information/Cyber Security Specialist
E: leroy@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www.datavoiceint.com>
TThis message has been sent on behalf
of a company that is part of the Harris Operating Group of
Constellation Software Inc. These companies are listed
here
.
If you prefer not to be contacted by Harris
Operating Group
please notify us
.
This message is intended exclusively for the
individual or entity to which it is addressed. This communication
may contain information that is proprietary, privileged or
confidential or otherwise legally exempt from disclosure. If you are
not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you
have received this message in error, please notify the sender
immediately by e-mail and delete all copies of the
message.
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave@lists.snort.org
Please visit http://blog.snort.org to stay current on all the latest Snort =
news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-e=
tiquette
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} \
--></style> </head>
<body dir="ltr">
<div id="divtagdefaultwrapper" \
style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" \
dir="ltr"> <p style="margin-top:0;margin-bottom:0">no<br>
</p>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" \
style="font-size:11pt" color="#000000"><b>From:</b> Snort-users \
<snort-users-bounces@lists.snort.org> on behalf of Leroy Tennison \
<leroy@datavoiceint.com><br> <b>Sent:</b> Friday, September 28, 2018 5:46:22 \
PM<br> <b>To:</b> Snort-users@lists.snort.org<br>
<b>Subject:</b> [Snort-users] Manually updating Snort "rules"</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">I started out using the community version then became a \
registered (not subscription) user. Downloaded snortrules-snapshot-29111.tar.gz \
and noticed that the structure was different. I'm assuming that the files under \
the archive's etc directory go in /etc/snort (Ubuntu 16) and the files under the \
archive's rules directory go under /etc/snort/rules. Beyond that I'm uncertain \
where the archive's preproc_rules and files under the so_rules tree go (I suspect \
so_rules/src isn't needed but I am curious about where \
so_rules/precompiled/Ubuntu-16-4/x86-64/2.9.11.1/*.so goes). If there's \
something (a document/web page/etc) explaining this please point me to it. \
Otherwise if you have an answer please reply.<br> <br>
I'm in a situation where using an automated tool isn't desirable. Thanks for \
any and all help.<br> <br>
<br>
Join us<br>
at the 2018 Momentum User Conference!<br>
Register<br>
here<br>
Leroy Tennison<br>
Network Information/Cyber Security Specialist<br>
E: leroy@datavoiceint.com<br>
2220 Bush Dr<br>
McKinney, Texas<br>
75070<br>
<a href="http://www.datavoiceint.com">www.datavoiceint.com</a><br>
TThis message has been sent on behalf<br>
of a company that is part of the Harris Operating Group of<br>
Constellation Software Inc. These companies are listed<br>
here<br>
.<br>
If you prefer not to be contacted by Harris<br>
Operating Group<br>
please notify us<br>
.<br>
This message is intended exclusively for the<br>
individual or entity to which it is addressed. This communication<br>
may contain information that is proprietary, privileged or<br>
confidential or otherwise legally exempt from disclosure. If you are<br>
not the named addressee, you are not authorized to read, print,<br>
retain, copy or disseminate this message or any part of it. If you<br>
have received this message in error, please notify the sender<br>
immediately by e-mail and delete all copies of the<br>
message.<br>
<br>
_______________________________________________<br>
Snort-users mailing list<br>
Snort-users@lists.snort.org<br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.snort.org/mailman/listinfo/snort-users">https://lists.snort.org/mailman/listinfo/snort-users</a><br>
<br>
To unsubscribe, send an email to:<br>
snort-users-leave@lists.snort.org<br>
<br>
Please visit <a href="http://blog.snort.org">http://blog.snort.org</a> to stay \
current on all the latest Snort news!<br> <br>
Please follow these rules: <a \
href="https://snort.org/faq/what-is-the-mailing-list-etiquette"> \
https://snort.org/faq/what-is-the-mailing-list-etiquette</a><br> </div>
</span></font></div>
</body>
</html>
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave@lists.snort.org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
--===============0404470490871308453==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic