[Snort-devel] [Bug #131641] include directives do not work right.

Martin Roesch roesch at ...48...
Sat Feb 10 01:31:46 EST 2001


Yeah, they're all read in and then sorted by action and protocol.  I
just tested this and it's working fine here.  Anyone else have a similar
report?

    -Marty


"shawn . moyer" wrote:
> 
> Martin Roesch wrote:
> >
> > I'm having a hard time making sense of this bug report, does anyone else
> > know what it's saying?  Is this person trying to detect IDS152 or pass
> > it?  From the description below it appears that everything is working
> > fine (i.e. pass rules are considered before alert rules when -o is
> > specified, regardless of relative ordering of the rules).
> 
> If I'm reading this right, it sounds like when he / she puts a pass rule
> in a separate file called from vision.conf (or whatever) via "include
> <foo>" the pass rule doesn't trigger, but if it's put directly in the
> main config (vision.conf in this case) pass will trigger, and the alert
> won't.
> 
> My pass rules are all in a main snort.conf which then has "include" for
> various -lib files, which works fine. Would having "include" get hit
> after everything in the main config, even with -o?
> 
> --shawn
> 
> --
> s h a w n   m o y e r
> shawn at ...232...

--
Martin Roesch
roesch at ...48...
http://www.snort.org




More information about the Snort-devel mailing list