[Snort-users] Dangerous to use custom ruletypes?
erek at ...950...
Wed May 14 10:04:06 EDT 2003
On Wed, 14 May 2003, Martin Olsson wrote:
> Is it dangerous to use custom ruletypes?
> I just discovered that when you define your own ruletypes, they are put
> LAST in the chain of rules. Here is an example of the output when I run
> snort with the -o option (pass rules first):
> Rule application order: ->pass->activation->dynamic->alert->log->panic
Little Known Snort Tidbit #324:
config order: panic pass activation dynamic alert log
Thank Andrew for that one. ;-)
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users