Newbie questions are as newbie questions does

["Geoff Craig" <GCraig () quilogy com>]

Hello all,
 
In a "theoretical" deployment, say you had one Snort box that was
monitoring traffic going to 3 boxes, 2 real web servers, and 1 honeypot.
So, I have a rule that alerts on all port 80 traffic going to the
honeypot, but just the web-iis.rules for the other 2 web servers.  Will
the rule that logs all port 80 traffic cause the web-iis.rules to not be
fired when going to the honeypot?  If I need to be more in depth let me
know.
 
In other words, what happens if two rules happen to be a positive for a
certain packet or stream?  If only one fires how can you control which
one?
 
Thanks!
 
Geoff