quick question about snort.conf

[AllowOverride <allowoverride () gmail com>]

i noticed today that the snort.conf from:

http://labs.snort.org/snort/2931/snort.conf

still includes the "include" rules.

from what i have been told, for IDS in my case, I need to # out the
include statements, and only use the snort.rules likes this:

include $RULE_PATH/snort.rules

so to wrap up: when i use the snort.rules listed above snort works. if i
do NOT include the path above it will not. 0 bytes snort.log is my
prove.

i am curious as to why the downloadable snort.conf is still including
the paths below, not #'d out, and still available?? 

shouldn't they be removed since snort.rules is the supported way
officially? 

just wondering, i appreciate your comments.



wrong way:

# site specific rules
include $RULE_PATH/local.rules

include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
....

right way:

# site specific rules 
#include $RULE_PATH/local.rules
include $RULE_PATH/snort.rules

#include $RULE_PATH/app-detect.rules
#include $RULE_PATH/attack-responses.rules
....


correct?

PS. base1.4.5, barnyard2, pulledpork, snort work fine :)

thanks!




------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!