[Snort-users] Dangerous to use custom ruletypes?

Erek Adams erek at ...950...
Wed May 14 10:04:06 EDT 2003

On Wed, 14 May 2003, Martin Olsson wrote:

> Is it dangerous to use custom ruletypes?
> I just discovered that when you define your own ruletypes, they are put
> LAST in the chain of rules. Here is an example of the output when I run
> snort with the -o option (pass rules first):
>   Rule application order: ->pass->activation->dynamic->alert->log->panic


Little Known Snort Tidbit #324:

	config order: panic pass activation dynamic alert log

Thank Andrew for that one.  ;-)


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list