Snort mailing list archives
Re: *.rules files parsing
From: alessandrorguard-snortml () yahoo it
Date: Thu, 19 Nov 2009 13:55:09 +0000 (GMT)
Any hint about the structure of the parsed rules?

----- Original message -----
From: Todd Wease <twease () sourcefire com>
To: alessandrorguard-snortml () yahoo it
Cc: snort-devel () lists sourceforge net
Sent: Thu 19 November 2009, 14:04:43
Subject: Re: [Snort-devel] *.rules files parsing

All non-rule configurations are parsed first because there may be some configuration options necessary for rules parsing, for example preprocessor rule options. A second pass is then done to parse the rules.

On 11/19/2009 07:47 AM, alessandrorguard-snortml () yahoo it wrote:

> During some testing with parser.c it comes out that the rules files included in the snort.conf file get included 2 times: the first in ParseSnortConf(), then in ParseRules(). Is it correct? What are the differences in the two steps?
>
> Could any developer tell the structure of the parsed rules? The only documentation I'm finding on the net seems to be obsolete…
>
> Thanks!
> Alessandro R
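Added example (not part of the thread and not Snort's parser.c): a simplified Python model of the two-pass parse described in the reply above. The in-memory files, the helper names `walk` and `parse`, and the option table are constructed for illustration; the model shows why each included file is read twice and why a single pass rejects a rule that appears before the preprocessor registering its option.

```python
import re

# Constructed in-memory "files"; the include precedes the preprocessor line on purpose.
FILES = {
    "snort.conf": "var HOME_NET any\n"
                  "include local.rules\n"
                  "preprocessor dcerpc2\n",
    "local.rules": 'alert tcp any any -> $HOME_NET 135 (msg:"constructed"; '
                   "dce_iface:00000000-0000-0000-0000-000000000000; sid:1000001;)\n",
}
RULE_ACTIONS = {"alert", "log", "pass", "drop"}
# Model assumption: rule option -> preprocessor that must be configured first.
PREPROC_OPTIONS = {"dce_iface": "dcerpc2"}

def walk(name, on_line, reads):
    """Read one file line by line, following include directives depth-first."""
    reads[name] = reads.get(name, 0) + 1          # count how often each file is read
    for line in FILES[name].splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("include "):
            walk(line.split(None, 1)[1], on_line, reads)
        else:
            on_line(line)

def parse(two_pass=True):
    """Return (accepted_rules, rejected_rules, reads_per_file)."""
    loaded, rules, errors, reads = set(), [], [], {}

    def config_line(line):                        # non-rule configuration
        if line.startswith("preprocessor "):
            loaded.add(re.split(r"[\s:]+", line)[1])

    def rule_line(line):                          # rules only
        if line.split()[0] not in RULE_ACTIONS:
            return
        opts = re.findall(r"[(;]\s*(\w+)\s*:", line)
        missing = [o for o in opts
                   if o in PREPROC_OPTIONS and PREPROC_OPTIONS[o] not in loaded]
        (errors if missing else rules).append(line)

    if two_pass:
        walk("snort.conf", config_line, reads)    # pass 1: configuration
        walk("snort.conf", rule_line, reads)      # pass 2: rules
    else:                                         # single pass, in file order
        walk("snort.conf", lambda l: (config_line(l), rule_line(l)), reads)
    return rules, errors, reads
```
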
Current thread:
- *.rules files parsing alessandrorguard-snortml (Nov 19)
- Re: *.rules files parsing Todd Wease (Nov 19)
- Re: *.rules files parsing alessandrorguard-snortml (Nov 19)
- Re: *.rules files parsing Todd Wease (Nov 19)