[Snort-users] Dangerous to use custom ruletypes?

Erek Adams erek at ...950...
Wed May 14 10:04:06 EDT 2003


On Wed, 14 May 2003, Martin Olsson wrote:

>
> Is it dangerous to use custom ruletypes?
>
> I just discovered that when you define your own ruletypes, they are put
> LAST in the chain of rules. Here is an example of the output when I run
> snort with the -o option (pass rules first):
>
>   Rule application order: ->pass->activation->dynamic->alert->log->panic

[...snip...]

Little Known Snort Tidbit #324:

	config order: panic pass activation dynamic alert log

Thank Andrew for that one.  ;-)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list