[Snort-users] newbie type questions

Rich Adamson radamson at ...2127...
Mon Jun 23 15:11:16 EDT 2003


> Ok, I'm teetering on the brink of a rant, but I'm going to try to come
> back from the edge--And no, it's not at anyone in particular....
> 
> Check the FAQ [0], the ACID FAQ [1], and the archives [2].  It's been
> spelled out there more times than I would care to count.

Been a fair amount of discussion on the list in terms of new users asking
repetitive questions, however keep in mind not a single one of them have
a clue they are repeating previously asked questions, and its not all that 
obvious where the two-hour-old user should be looking for answers.

Example: look around the www.snort.org home page and see if there is anything
that you can easily spot that would suggest a reasonable way to research
a typical question. Down the left side is "News", "Documentation", "Downloads"
and "Mailing lists". Guess which one of those happens to be the first thing
that a new user recognizes!! (Its the one right after documentation, and 
they don't need to read that as yet since snort and a favorite add-on is not
running. Think about that for just a second. Those that have been involved
with any form of marketing know where the eye focuses on that first page.)

2nd Example: check the FAQ... what does it suggest for help?  Question 1.3
says "use the mailing list". If one searches the FAQ for mailing list 
archives, it doesn't exist. Maybe that should be FAQ 1.1.5, or 1.3 reworded 
to cover the aggressive (but nicely worded) references that have been going 
on for some time.

3rd Example: if one finally recognizes that a mailing list archive even
exists (at another site), that site _implies_ the search has to be done by
month (even though most of us know that's not the case). 

I'd suggest the maintainers of the www.snort.org page could do a _lot_ more
to help point out what is considered appropriate research behavior, even for
newbies. How about something as simple as a bold statement at the top of the
home page that says...
"You've got questions, we've got answers... most have already been asked,
click here!" An common search example might even be beneficial. (The News can 
always follow by at least one line!)

signed...
long time reader and user (not a newbie)






More information about the Snort-users mailing list