[Snort-devel] Before you cast your 2.0 in stone ...
cpw at ...86...
Sat Nov 9 16:26:01 EST 2002
I've been trying to keep up. Ran into conf file problem. So, here is
All rules files should end in .rules
The rule file names that come with your distribution are fine.
I've come up with additional names that provide for large site sensor
I use local.rules for the rules relevent to the IDS host which may be
running multiple sensors.
I use the new name "site.rules" which cover site wide rules.
I use <instance>.rules for a particular snort process. <instance> corresponds
to the little tidbit I put in the /var/log/*run file name.
Just a very small morsal for thought.
More information about the Snort-devel