Snort mailing list archives
classification.config disagrees with manual?
From: "Crow, Owen" <Owen_Crow () bmc com>
Date: Mon, 19 Nov 2001 11:14:22 -0600
The manual entry for Classtype (2.3.28) shows the default priorities for different classifications. The priority is a higher number for more important classes. For example, a "Successful Administrator Privilege Gain" has priority 11 while "Not Suspicious Traffic" has a priority of 0.

This seems to disagree with the classification.config found in snortrules.tar.gz, which only has priorities ranging from 1 to 4 where 1 is the highest priority. For example, "Successful Administrator Privilege Gain" is 1 and "A TCP connection was detected" is 4.

Am I missing something in the docs to explain this? I'm running 1.8.2 but with the latest rules snapshot and the docs off the web (http://www.snort.org/docs/writing_rules/).

I plan to eliminate all but the most important rules using a script to comment out the ones with the wrong priority or class. If there's a better way, please let me know. Monitoring WAN links is pretty noisy with all the rules on...

Thanks,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.
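An added example (not part of the original post, and not Snort project code): one way to script the approach described in the message, commenting out rules according to the priority of their classtype. It assumes one rule per line and the `config classification: shortname,description,priority` line format; the sample classifications and rules below are constructed.

```python
import re

# Constructed sample in classification.config format:
# config classification: shortname,description,priority
SAMPLE_CLASSIFICATION = """\
# constructed sample
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: tcp-connection,A TCP connection was detected,4
"""

# Constructed rules (sids in the local range), one rule per line (assumption).
SAMPLE_RULES = """\
alert tcp any any -> any 23 (msg:"constructed admin gain"; classtype:successful-admin; sid:1000001;)
alert tcp any any -> any 80 (msg:"constructed connection"; classtype:tcp-connection; sid:1000002;)
alert tcp any any -> any 22 (msg:"constructed override"; classtype:tcp-connection; priority:1; sid:1000003;)
alert tcp any any -> any 25 (msg:"constructed unclassified"; sid:1000004;)
"""

CLASS_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),[^,]*,\s*(\d+)\s*$")
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;")
PRIORITY_RE = re.compile(r"priority\s*:\s*(\d+)\s*;")

def load_priorities(text):
    """Map classtype short name -> priority number from classification.config text."""
    prios = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            prios[m.group(1).strip()] = int(m.group(2))
    return prios

def rule_priority(rule, prios):
    """An explicit priority option wins over classtype; None if neither resolves."""
    m = PRIORITY_RE.search(rule)
    if m:
        return int(m.group(1))
    m = CLASSTYPE_RE.search(rule)
    return prios.get(m.group(1)) if m else None

def filter_rules(rules_text, prios, keep_max=1):
    """Comment out rules whose priority number exceeds keep_max (1 = highest)."""
    out = []
    for line in rules_text.splitlines():
        active = line.strip() and not line.lstrip().startswith("#")
        prio = rule_priority(line, prios) if active else None
        # Rules with no resolvable priority stay enabled rather than vanish silently.
        out.append("# " + line if prio is not None and prio > keep_max else line)
    return out

if __name__ == "__main__":
    print("\n".join(filter_rules(SAMPLE_RULES, load_priorities(SAMPLE_CLASSIFICATION))))
```

Reading the priorities from the classification.config that ships with the rules, rather than from the manual's table, keeps the filter consistent with the numbering the rules snapshot actually uses.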