[Snort-users] Dangerous to use custom ruletypes?

Martin Olsson elof at ...6680...
Wed May 14 10:18:13 EDT 2003


On Wed, 14 May 2003, Erek Adams wrote:
> > Is it dangerous to use custom ruletypes?
> > I just discovered that when you define your own ruletypes, they are put
> > LAST in the chain of rules. Here is an example of the output when I run
> > snort with the -o option (pass rules first):
> >   Rule application order: ->pass->activation->dynamic->alert->log->panic
> [...snip...]
>
> Little Known Snort Tidbit #324:
> 	config order: panic pass activation dynamic alert log
> Thank Andrew for that one.  ;-)

Ah! Yes, thank you Andrew and Erek. I was getting really worried here...

Hmmm, maybe this should be in the manual, one think.

--
Martin Olsson
Sentor AB, Sweden





More information about the Snort-users mailing list