If you need to dump the shared object rules stub to a directory, you must use the -dump-dynamic-rules command line option. These rule stub files are used in conjunction with the shared object rules. The path can be relative or absolute.
/usr/local/bin/snort -c /usr/local/etc/snort.conf \
--dump-dynamic-rules=/tmp
This path can also be configured in the snort.conf using the config option dump-dynamic-rules-path as follows:
config dump-dynamic-rules-path: /tmp/sorules
The path configured by command line has precedence over the one configured using dump-dynamic-rules-path.
/usr/local/bin/snort -c /usr/local/etc/snort.conf \
--dump-dynamic-rules
snort.conf:
config dump-dynamic-rules-path: /tmp/sorules
In the above mentioned scenario the dump path is set to /tmp/sorules.