Snort - the de facto standard for intrusion detection/prevention

5.7 How do you compile a downloaded SO rule program?

Currently, dynamic rules are supported in non-Windows platforms only.

When you download the most current set of rules, you will see three directories - rules, docs (as usual), and a new directory named so_rules. That is where the files for the SO rules live.

For instance, in this current release, you will see the files:

   p2p.c
   Makefile
The file p2p.c is C source code using a Snort API to create the SO rule. You can view this and use this as an example for how to write a dynamic rule.

The Makefile generates the new dynamic rule and shared object module and contains references to the directories for include files. It actually briefly starts and uses Snort to generate the dynamic rule.

In the so_rules directory execute the command:

    make
This will produce the shared object file for the rule, named p2p.so, and a file named Snort_Dynamic_Rule_Example.rules. The file Snort_Dynamic_Rule_Example.rules contains any SO rules generated by the make process. If you look at the current one, you will see that it contains a Snort message, some metadata, a sid and gid, and the information needed to find the shared object module that you created.

There are some other files created in the process, but you don't need to do anything special with them.
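As an added post-build check (example code, not part of the Snort FAQ or of the Snort distribution), the script below inspects the generated stub rules file and the shared object before they are loaded, verifying that each stub's sid, gid and soid agree. It assumes the stub uses the Snort 2.x form `sid:N; gid:3; ... metadata:engine shared, soid 3|N;`; the sample stub lines are constructed.

```shell
#!/bin/sh
# Added example, not from the Snort FAQ: sanity-check the stub rules file that
# "make" writes next to p2p.so before loading it into Snort.
# Assumption: the stub uses the Snort 2.x form
#   sid:N; gid:3; ... metadata:engine shared, soid 3|N;
# where "soid" (gid|sid) is how Snort pairs the stub with the shared object.

# check_stub STUB_FILE SO_FILE
# Prints one status line per rule; returns 0 only if the shared object exists
# and every rule has gid 3 and a soid equal to "gid|sid".
check_stub() {
    stub="$1"; so="$2"; rc=0
    if [ ! -f "$so" ]; then
        echo "missing shared object: $so"; rc=1
    fi
    while IFS= read -r rule; do
        case "$rule" in alert*) ;; *) continue ;; esac
        sid=$(printf '%s\n' "$rule" | sed -n 's/.*[ (]sid:\([0-9]*\);.*/\1/p')
        gid=$(printf '%s\n' "$rule" | sed -n 's/.*[ (]gid:\([0-9]*\);.*/\1/p')
        soid=$(printf '%s\n' "$rule" | sed -n 's/.*soid \([0-9]*|[0-9]*\);.*/\1/p')
        if [ -z "$sid" ] || [ -z "$gid" ] || [ -z "$soid" ]; then
            echo "sid=${sid:-?} gid=${gid:-?}: missing sid, gid or soid"; rc=1
        elif [ "$gid" != 3 ]; then
            echo "sid=$sid gid=$gid: SO rules must use gid 3"; rc=1
        elif [ "$soid" != "$gid|$sid" ]; then
            echo "sid=$sid gid=$gid: soid $soid does not match gid|sid"; rc=1
        else
            echo "sid=$sid gid=$gid: ok"
        fi
    done < "$stub"
    return "$rc"
}

# Constructed sample stub: one consistent rule and one whose soid is wrong.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
      'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"P2P example SO rule"; sid:1000001; gid:3; rev:1; metadata:engine shared, soid 3|1000001;)' \
      'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"bad stub"; sid:1000002; gid:3; rev:1; metadata:engine shared, soid 3|9;)' \
      > "$dir/Snort_Dynamic_Rule_Example.rules"
    : > "$dir/p2p.so"   # empty stand-in for the real shared object
    check_stub "$dir/Snort_Dynamic_Rule_Example.rules" "$dir/p2p.so"
    echo "check_stub exit status: $?"
    rm -rf "$dir"
}

demo
```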


Nigel Houghton 2006-10-02