[Snort-devel] rules2sql.pl and sql2rules.pl

Martin Roesch roesch at ...48...
Sat Feb 10 23:18:07 EST 2001


I'm ok, you're ok. :)  I envision the XML/DB rules loaders as "Advanced"
add-ons (plugins) to the system, not as the default.  Remember, I have
to get up in front of a few thousand people a year and teach them how to
use this thing, I don't want to be walking them through a mass of XML
encoded "stuff" on 30 foot projection screens.  The existing format is
easy to teach if somewhat more difficult to code correctly, but it's
easy and people are used to it and (perhaps most importantly) it's
becoming something of a standard within the security community for
describing packet-based intrusion events.  We especially don't want to
screw that up. :)

     -Marty

Todd Lewis wrote:
> 
> If a db is ok, then is xml ok?
> 
> --
> Todd Lewis                                       tlewis at ...120...
> 
>   God grant me the courage not to give up what I think is right, even
>   though I think it is hopeless.          - Admiral Chester W. Nimitz
> 
> On Mon, 29 Jan 2001, Martin Roesch wrote:
> 
> > On a similar note, I'd like at some point to start thinking about
> > modifying Snort to be able to read rules/configuration data from a
> > database.  This is still a few months down the road, but I just wanted
> > to give you guys a heads up that doing good work on a schema now will
> > reward us all later. :)
> 

--
Martin Roesch
roesch at ...48...
http://www.snort.org



