Quick question on snort's default rules directory

  • pfsense 1.2.3 release
    snort 2.8.6, pkg 1.27

    When I go into the rule updates tab it displays a warning that /usr/local/etc/snort/rules directory is empty.  I did verify this by going into the shell and indeed there's nothing there.

    The thing is I already have a subdirectory created for my interface and the rules are stored there at:  /usr/local/etc/snort/snort_29189_fxp0/rules

    I've edited the /usr/local/etc/snort/snort.conf file, down around line 60, to:  var RULE PATH ../snort_29189_fxp0/rules but I can't see any difference.  If I press the update rules button it doesn't download anything and I'd prefer to get rid of that warning.  Should I just move all the rules to the default ../rules directory instead of my interface subdirectory?

  • Rebel Alliance Developer Netgate

    Keep an eye on this thread for updates:


    I'll try to fix this since it seems the usual maintainer hasn't been around in a while.

  • Thanks, I actually have been keeping an eye on the main thread you linked to.

    I realize my question may seem pretty stupid to others here, but I guess the main thing I was trying to ask was there any benefit to storing my rules in the interface's subdirectory rather than the general rules directory?

  • jimp has a proposed fix at the thread he links to above…

Log in to reply