[Snort-devel] Patch

Daniel J. Roelker droelker at ...402...
Tue Jan 13 10:17:01 EST 2004


Hi Tim,

The "-o" option is just a quick way to switch around the rule ordering
to the other common usage that users prefer.  For all other types of
rule ordering configuration, users should use the 'config order' option
in their snort.conf.

In general, we don't want to specify snort configuration on the command
line or at the very least keep this to a minimum, so unless Marty or
others want to change that party line we'll keep things as they are.

Dan

On Tue, 2004-01-13 at 08:07, Tim Saunders wrote:
> Good, I was wondering about making -Z take a rule order.
> 
> When I went looking for the option to change the rule order I found 
> the -o option and I didn't look any further after that. Is the -o
> option for backwards compatability? If so should/could it be marked
> depriciated and removed in version 2.5/3 etc.
> 
> Tim
> 
> > -----Original Message-----
> > From: Andreas Östling [mailto:andreaso at ...387...] 
> > Sent: 13 January 2004 12:33
> > To: Tim Saunders
> > Cc: snort-devel at lists.sourceforge.net
> > Subject: Re: [Snort-devel] Patch
> > 
> > 
> > 
> > On Tuesday 13 January 2004 10:53, Tim Saunders wrote:
> > 
> > > The patch adds a -Z command line switch to change the rule 
> > application 
> > > order to Pass, Log then Alert. There is not particular 
> > reason I chose 
> > > Z so I don't mind if anyone wants to change it.
> > ...
> > 
> > In case you're not aware of it, you can already set an 
> > arbritrary rule order in snort.conf (section 2.1.3.2 in the 
> > manual). This will do the same thing as 
> > with -Z with your patch:
> > config order: pass activation dynamic log alert
> > 
> > /Andreas
> > 
> > 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Perforce Software.
> Perforce is the Fast Software Configuration Management System offering
> advanced branching capabilities and atomic changes on 50+ platforms.
> Free Eval! http://www.perforce.com/perforce/loadprog.html
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 
-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.





More information about the Snort-devel mailing list