[Snort-devel] xml thoughts

Hammerle, Tye F. Tye.F.Hammerle at ...161...
Thu Feb 8 16:05:47 EST 2001

I would agree with your ideas. Being a 'savage' myself I don't particularly
think xml is going to buy me anything. I'm catching up after weeks on the
road so I haven't seen the 'positive' points for xml rules yet. 


-----Original Message-----
From: A.L.Lambert [mailto:alambert at ...89...]
Sent: Wednesday, February 07, 2001 11:36 AM
To: Snort Developers List
Subject: Re: [Snort-devel] xml thoughts

Some random ideas against XML.

	XML files induce a level of complexity that I, for one, do not
wish to deal with.  More experienced developers/users will probably
disagree with me on the fact that XML is _more_ complicated than formatted
flat ASCII, but trust me, from the 'ignorant savage' point of view (which
I consider myself to be a good represenative of), a flat ASCII file is far
easier to work with (especially when using the hog.vim syntax highlighting
file :)

	Automated file manipulation is trivial with the current file
format.  I myself am probably one of the most clueless programmers on the
planet (really; I suck, trust me), and I can/have whipped up some simple
code without too much problem to do everything from add "react:" tags to
the appropo rules, change the "flags:" statments, snag the latest
snort.org and vision.conf rulesets, rip out the rules that have
historically caused an inordinate amount of false positives, combine the
two, rip out duplicates, and other such tasks.  Writing the same kind of
code for XML is an order of magnitude more complicated (at least from my
point of view), and short of spending a lot of time improving my skills in
this area, I would become relegated to either manually making changes, or
hoping someone else writes a tool to accomplish what I want.

	I'm not disagreeing with any of the positive points made about XML
(from a technical perspective, they sound quite reasonable to me), just
saying that some of us farther down the scale of talent/experience will
not have our lives improved, and will probably have them complicated even
more than they already are, if we convert wholesale to XML.

	Anyway, just my $0.02.


Snort-devel mailing list
Snort-devel at lists.sourceforge.net

More information about the Snort-devel mailing list