in which file rules is defined not getting alert message

[vija9751]

i want to know where i have to chane the rule
ex: alert tcp any any -> $HOME_NET 9389 (msg:"SS POLICY Active Directory Web Services"; flow:to_server,established; flags:PA; content:"/ActiveDirectoryWebServices/Windows/Enumeration"; classtype:attempted-recon; sid:1000001;) where i have to write exactly

alert tcp any any -> any any (msg:"Feature1"; content:"#JN1"; nocase;

how to get this

05/-22:56:55.056993 [] [1:2019:0] Feature1 [] [Priority: 0] {TCP}
46.20.153.125:80 -> 10.0.2.15:56216

how to get message of Feature1

[vija9751]

i have seen all snort.conf file changes the rule on every file but i couldn't find where in which rule i have to write or change the rule

[nitrogen17]

this is my local.rules directory, try this command.

nano /opt/snort/rules/local.rules

[vija9751]

this is my local.rules directory, try this command.

nano /opt/snort/rules/local.rules

thanks i got that

one thing i want to know in which file that rules has taken the places in snort

[nitrogen17]

i didn't get your question, can you elaborate your question?

[LoveChunHua]

i want to know how to use preprocessor.rules .different from ip