[Snort-users] Rule order?
lists at ...9778...
Thu Dec 18 04:47:03 EST 2003
Am Mit, 2003-12-17 um 21.32 schrieb Toby Rodwell:
> I think I might be missing something basic here. I'm getting to grips with
> Snort, trying out some really simple configs. I'm use to rules being run in
> the sequence they appear, so I my snort.conf is currently this:-
Unfortunately, thats not the way snort evaluates the rules. Depending on
the Snort version the rules are reordered differently.
Snort always reorders the rules to increase its performance. It
practically builds its rule engine on the fly. If you are using Snort
2.x there is a whitepaper on the Snort homepage explaining the
Book: VPN mit Linux
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
Honeynet Project Mirror: http://honeynet.spenneberg.org
More information about the Snort-users