[Snort-devel] [Bug #131641] include directives do not work right.

shawn . moyer shawn at ...232...
Fri Feb 9 02:39:50 EST 2001

Martin Roesch wrote:
> I'm having a hard time making sense of this bug report, does anyone else
> know what it's saying?  Is this person trying to detect IDS152 or pass
> it?  From the description below it appears that everything is working
> fine (i.e. pass rules are considered before alert rules when -o is
> specified, regardless of relative ordering of the rules).

If I'm reading this right, it sounds like when he / she puts a pass rule
in a separate file called from vision.conf (or whatever) via "include
<foo>" the pass rule doesn't trigger, but if it's put directly in the
main config (vision.conf in this case) pass will trigger, and the alert

My pass rules are all in a main snort.conf which then has "include" for
various -lib files, which works fine. Would having "include" get hit
after everything in the main config, even with -o?


s h a w n   m o y e r
shawn at ...232...
