[Snort-users] Dangerous to use custom ruletypes?
elof at ...6680...
Wed May 14 10:18:13 EDT 2003
On Wed, 14 May 2003, Erek Adams wrote:
> > Is it dangerous to use custom ruletypes?
> > I just discovered that when you define your own ruletypes, they are put
> > LAST in the chain of rules. Here is an example of the output when I run
> > snort with the -o option (pass rules first):
> > Rule application order: ->pass->activation->dynamic->alert->log->panic
> Little Known Snort Tidbit #324:
> config order: panic pass activation dynamic alert log
> Thank Andrew for that one. ;-)
Ah! Yes, thank you Andrew and Erek. I was getting really worried here...
Hmmm, maybe this should be in the manual, one think.
Sentor AB, Sweden
More information about the Snort-users