[Snort-users] Multiple Win32 occurances?

Paul Schmehl pauls at ...6838...
Tue Nov 25 17:42:09 EST 2003


--On Tuesday, November 25, 2003 4:54 PM -0800 Michael Steele 
<michaels at ...9077...> wrote:

> Why?
>
One instance is the "main" snort engine.  The second is used for 
experimenting with new rules and new keywords (such as thresholding) before 
introducing them to the "real" snort.  The "special" snort db can be 
dropped and recreated as often as I want, but the "real" one remains as an 
archive.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list