[Snort-users] Custom rule sets

Roman Danyliw roman at ...438...
Mon Nov 26 12:23:22 EST 2001


On Mon, 26 Nov 2001, Madhav Diwan wrote:

[snip]
> If I make a custom rule for some type of signature that i define myself
> and i dont have a sid  in the rule .. how does this affect the placement
> of an alert from that rule into a Snort MySQL database ?

Defining custom rules (with or without a sid) does not present any
problems for the Snort MySQL database.  It _will_ be logged into the
database.  The DB schema applies its own unique key to the signatures.

Roman





More information about the Snort-users mailing list