Snort mailing list archives

classification.config disagrees with manual?


From: "Crow, Owen" <Owen_Crow () bmc com>
Date: Mon, 19 Nov 2001 11:14:22 -0600

The manual entry for Classtype (2.3.28) shows the default priorities for
different classifications.  The priority is a higher number for more
important classes.  For example, a "Successful Administrator Privilege Gain"
has priority 11 while "Not Suspicious Traffic" has a priority of 0.

This seems to disagree with the classification.config found in
snortrules.tar.gz which only has priorities ranging from 1 to 4 where 1 is
the highest priority.  For example, "Successful Administrator Privilege
Gain" is 1 and "A TCP connection was detected" is 4.

Am I missing something in the docs to explain this?  I'm running 1.8.2 but
with the latest rules snapshot and the docs off the web
(http://www.snort.org/docs/writing_rules/).

I plan to eliminate all but the most important rules using a script to
comment out the ones with the wrong priority or class.  If there's a better
way, please let me know.  Monitoring WAN links is pretty noisy with all the
rules on...

Thanks,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.
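A script of the kind the message describes, added here as an illustration (it is not the poster's script and not part of Snort): it reads the 1-is-highest priorities from classification.config and comments out any active rule whose classtype is less important than a chosen cutoff. The config and rule lines below are constructed samples; rules with an unknown or missing classtype are left untouched so nothing is disabled by accident.

```python
import re

# Constructed sample of classification.config lines
# (format: config classification: name,description,priority; 1 is highest)
CLASSIFICATION_CONFIG = """\
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: misc-activity,Misc activity,3
config classification: tcp-connection,A TCP connection was detected,4
"""

# Constructed sample rules file
RULES = """\
alert tcp any any -> any 80 (msg:"WEB root access attempt"; classtype:successful-admin; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"TCP connection seen"; flags:S; classtype:tcp-connection; sid:1000002; rev:1;)
# already commented rule
#alert udp any any -> any 53 (msg:"DNS misc"; classtype:misc-activity; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"ICMP ping"; classtype:misc-activity; sid:1000004; rev:1;)
alert tcp any any -> any 22 (msg:"no classtype here"; sid:1000005; rev:1;)
"""

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]*),(\d+)\s*$")
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;")


def parse_classifications(text):
    """Return {classtype_name: priority} from classification.config text."""
    priorities = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            priorities[m.group(1).strip()] = int(m.group(3))
    return priorities


def filter_rules(rules_text, priorities, max_priority):
    """Comment out active rules whose classtype priority is numerically
    greater (i.e. less important in the 1-is-highest scheme) than max_priority.
    Blank lines, existing comments, rules without a classtype and rules with an
    unknown classtype are kept as-is.  Returns (new_text, rules_disabled)."""
    out, disabled = [], 0
    for line in rules_text.splitlines():
        stripped = line.lstrip()
        m = CLASSTYPE_RE.search(line) if stripped and not stripped.startswith("#") else None
        prio = priorities.get(m.group(1)) if m else None
        if prio is not None and prio > max_priority:
            out.append("# " + line)  # Snort ignores lines starting with '#'
            disabled += 1
        else:
            out.append(line)
    return "\n".join(out) + "\n", disabled
```

Run it as `filter_rules(RULES, parse_classifications(CLASSIFICATION_CONFIG), 2)` to keep only priority 1 and 2 classes; write the returned text back out as the trimmed rules file.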

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

