[Snort-users] Riddle me this.
larosa_vjay at ...3331...
Wed Jun 11 10:52:02 EDT 2003
If I have three IDS sensors all logging back to a MySQL database. two
sensors have the exact same rules. On sensor's rules have different
classifications in the classtype portion of the signature. How and when does
the entry for sig_class_name get put in to the sig_class table?
Now let's say I want to go and either add classtype or modify the classtype
on a few rules, how does the table sig_class get updated? Do I need to
update it manually (will this break anything?), or when this rule is
triggered does that initiate the update of the table?
V.Jay LaRosa EMC Corporation
Information Security 4400 Computer Dr.
(508)898-7433 Office Westboro, MA 01580
(508)353-1348 Cell www.emc.com <http://www.emc.com>
888-799-9750 Pager vjl at ...3331...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users