Snort mailing list archives
Features use research
From: Chris Green <cmg () uab edu>
Date: Mon, 11 Feb 2002 15:18:50 -0600
I know that most people use a small subset of the code that exists in snort. Looking around at the documentation with a coworker, a lot of things were pointed out to me that don't quite make a lot of sense.

Please avoid "me too" replies. If there's some sort of option I wanted to get an idea of what things people used. I can think of possible uses for tons of this stuff, I want more "in active use" data.

logto: rule option?

  I've never thought of using it instead of binary logging and tagging.

customized ruletypes?

  Some people are using these to move different alerts to different output methods. Anything else?

activate/dynamic ( this functionality will be thrown into tagging somehow )?

content-list:

session:

Variable usage like:

  $(var:-default) or $(var:?warn)

  I think changing the variable descriptions to fatal if undefined would go a long way in fixing learning snort configuration woes.

A lot of these things are cruft that's accumulated over the years and when code is cleaned up, a lot of these crufts can be cleaned up / eliminated. If there is functionality that's important or a usage I'm not thinking of, please let me know.

--
Chris Green <cmg () uab edu>
I've had a perfectly wonderful evening. But this wasn't it.
 -- Groucho Marx