[Snort-users] Custom rule sets
roman at ...438...
Mon Nov 26 12:23:22 EST 2001
On Mon, 26 Nov 2001, Madhav Diwan wrote:
> If I make a custom rule for some type of signature that i define myself
> and i dont have a sid in the rule .. how does this affect the placement
> of an alert from that rule into a Snort MySQL database ?
Defining custom rules (with or without a sid) does not present any
problems for the Snort MySQL database. It _will_ be logged into the
database. The DB schema applies its own unique key to the signatures.
More information about the Snort-users