[Snort-devel] Before you cast your 2.0 in stone ...

Phil Wood cpw at ...86...
Sat Nov 9 16:26:01 EST 2002

I've been trying to keep up.  Ran into a conf file problem.  So, here is
a suggestion.

All rules files should end in .rules

The rule file names that come with your distribution are fine.

I've come up with additional names that provide for large site sensor

I use local.rules for the rules relevant to the IDS host which may be
running multiple sensors.

I use the new name "site.rules" which covers site-wide rules.

I use <instance>.rules for a particular snort process.  <instance> corresponds
to the little tidbit I put in the /var/log/*run file name.

Just a very small morsel for thought.


