[Snort-users] Riddle me this.

larosa, vjay larosa_vjay at ...3331...
Wed Jun 11 10:52:02 EDT 2003


Okay,
 
If I have three IDS sensors all logging back to a MySQL database. two
sensors have the exact same rules. On sensor's rules have different
classifications in the classtype portion of the signature. How and when does
the entry for sig_class_name get put in to the sig_class table? 
 
Now let's say I want to go and either add classtype or modify the classtype
on a few rules, how does the table sig_class get updated? Do I need to
update it manually (will this break anything?), or when this rule is
triggered does that initiate the update of the table?
 
Thanks!
 
vjl 
 
V.Jay LaRosa                   EMC Corporation
Information Security          4400 Computer Dr.
(508)898-7433 Office       Westboro, MA 01580
(508)353-1348 Cell           www.emc.com <http://www.emc.com> 
888-799-9750 Pager         vjl at ...3331...
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030611/6d69dd04/attachment.html>


More information about the Snort-users mailing list