[Snort-users] order of rules in rule files?

Marc Dreher MarcDreher at ...158...
Tue Feb 12 14:19:03 EST 2002


I have a question on the order of the rules in the default snort rules
files. I am thinking of a way to keep track of changes made to the default rules
files. If I update the rules I want to know which rules changed.
Mostly, the rules are ordered by increasing sids, but only mostly. Is there
some higher logic behind the ordering? Do new rules to a default ruleset just
get appended to the file or are they somehow inserted into the file (grouped
with other rules of the same kind / vulnerability etc?)
Diff as a possibility to compare the rulefiles would be easiest, but I am
not sure if this is reliable.
Definitely reliable would be to sort the rules in each file by sid and then
compare. Do I break the above mentioned higher logic if doing that :-)

Thanks for any comment.


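Added example, not part of the original post: one way to do the sid-keyed comparison the message describes, so that the order of rules in a file does not affect the result. The sample rules, their sids and the function names are constructed for illustration.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def index_rules(text):
    """Return {sid: (rev, normalized_rule)} for the active rules in a rules file."""
    rules, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):            # rule continues on the next line
            pending += line[:-1].strip() + " "
            continue
        # Assumption: whitespace runs are collapsed so layout changes are ignored.
        line, pending = " ".join((pending + line).split()), ""
        if not line or line.startswith("#"):
            continue                       # blank lines, comments, disabled rules
        sid = SID_RE.search(line)
        if sid is None:                    # var/include lines carry no sid
            continue
        rev = REV_RE.search(line)
        rules[int(sid.group(1))] = (int(rev.group(1)) if rev else None, line)
    return rules

def diff_rules(old_text, new_text):
    """Compare two rules files by sid, independent of rule order."""
    old, new = index_rules(old_text), index_rules(new_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted((s, old[s][0], new[s][0])
                          for s in old.keys() & new.keys() if old[s][1] != new[s][1]),
    }

# Constructed sample rule files (not taken from any real ruleset).
OLD = r'''
alert tcp any any -> any 80 (msg:"EXAMPLE one"; content:"foo"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE three"; content:"baz"; sid:1000003; rev:1;)
alert tcp any any -> any 21 (msg:"EXAMPLE two"; content:"bar"; sid:1000002; rev:2;)
'''
NEW = r'''
alert tcp any any -> any 21 (msg:"EXAMPLE two"; content:"bar2"; sid:1000002; rev:3;)
alert tcp any any -> any 25 (msg:"EXAMPLE four"; \
    content:"qux"; sid:1000004; rev:1;)
alert tcp any any -> any 80   (msg:"EXAMPLE one"; content:"foo"; sid:1000001; rev:1;)
'''

if __name__ == "__main__":
    print(diff_rules(OLD, NEW))
```

Each "changed" entry is (sid, old rev, new rev), so a rule whose text changed without a rev bump shows up with two equal revs.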