[Snort-devel] RFC - XML Rules definition question?

burak dayioglu dayioglu at ...287...
Wed Jan 9 23:07:02 EST 2002


On Wed, 9 Jan 2002, Andrew R. Baker wrote:
> writing and reading rules rely entirely on external applications.  I
> will no longer be able to write a new rule by just opening up the rules
> file with vi.

I don't think that way. Still, as the file will be all-ASCII, can be
edited with vi and you can copy/paste an existing one to start writing a
new rule. I have playing out with Hank and it seems to me that XML based
rules are more "readable" and writing is not much more difficult.  IMHO,
having a GUI to do the work will surely help but is not a must.

thanks,
-bd





More information about the Snort-devel mailing list