[Snort-sigs] Rule Documentation - Rules of engagement

Esler, Joel Contractor EslerJ at ...785...
Tue Jun 24 09:03:18 EDT 2003

Now you tell us.

-----Original Message-----
From: Nigel Houghton [mailto:nigel.houghton at ...435...] 
Sent: Tuesday, June 24, 2003 11:03 AM
To: Snort Sigs
Subject: [Snort-sigs] Rule Documentation - Rules of engagement

Thanks to everyone who has submitted documentation. I am currently compiling
a list of rules that have had documentation submitted but have not yet been
committed to the store. This should assist everyone currently writing new
documents (at least it will save time searching the mail archives).

For folks submitting documentation, here are a few rules of engagement.

1. Please use the format laid out in the template; it is distributed with
the source for Snort and is conveniently located at
http://www.snort.org/snort-db/snort-sid-template.txt also.

2. Look at the existing documentation for guidance on writing the actual

3. Please do not remove the "--" characters from your document; they are
useful place markers when performing some Perl skulduggery to parse the
files. Brian may also need them for the web site cgi script too.

4. Add your document as an attachment to your e-mail and name the file
[sid].txt, e.g. for sid 1000 the document would be called 1000.txt.

5. Check any additional references carefully and make sure they apply to the
rule being documented.

6. Make sure your work is original. If you are submitting corrections or
additions to existing documentation please use the existing document and
clearly mark your work.

7. Read this http://www.snort.org/snort-db/help.html

8. If you wish to package up a whole bunch of documents, that's fine but it
would help if you could give the file a useful name like
your_name_snort_documents.tgz or somesuch. When extracted it would also help
if they unpacked into a directory that is also named something like

Thanks again to everyone, the response has been overwhelming so far.

Nigel Houghton       Security Engineer        Sourcefire Inc.

"I have read of a place where humans do battle in a ring of Jell-O."
