[Snort-devel] *.rules files parsing
twease at ...402...
Thu Nov 19 08:04:43 EST 2009
All non-rule configurations are parsed first because there may be some
configuration options necessary for rules parsing, for example
preprocessor rule options. A second pass is then done to parse the rules.
On 11/19/2009 07:47 AM, alessandrorguard-snortml at ...2440... wrote:
> During some testing with parser.c it comes out that the rules files
> included in the snort.conf file gets included 2 times: the first in
> ParseSnortConf(), then in ParseRules().
> Is it correct?
> What are the differences in the two steps?
> Could any developer tell the structure of the parsed rules? The only documentation I’m finding on the net seems to be obsolete…
> Alessandro R
More information about the Snort-devel