[Snort-devel] RFC - XML Rules definition question?

A.L.Lambert max at ...425...
Thu Jan 10 09:59:02 EST 2002


	I'll weigh in again from the same point I came from last time this
debate surfaced; I'm perfectly happy with snort's current rules format.  
Regardless of differing opinions, it's almost trivially easy to work with
as it is currently (at least for me; and I am by no means a genius).  
It's especially easy to write simple shell scripts or C/C++ code to
manipulate the rules files, generate new rules, etc, which is another big
bonus, since rules almost universally need to be "tweaked" for each
environment.

	Moving to XML seems to me to have the only benefit of making
OO-centric programmers lives easier, while doing nothing for the end users
of snort (such as myself) but complicating life.  I for one, vote strongly
against having my life complicated any more than it already is.

	Anyway, I really don't want to make a long winded ass of myself
over this, but I did want to make it known that I for one, find snort's
current rules-file format far easier to work with than anything XML based
will ever be, and I don't think I'm alone.

	Nuff said (by me, anyway :).

-- 
A.L.Lambert 
------------------------------------------------------------------------
We can't reach old age by another man's road. My habits protect my life
but they would assassinate you.
	-- Mark Twain
------------------------------------------------------------------------





More information about the Snort-devel mailing list