Snort mailing list archives

Features use research


From: Chris Green <cmg () uab edu>
Date: Mon, 11 Feb 2002 15:18:50 -0600

I know that most people use a small subset of the code that exists in
snort.  Looking around at the documentation with a coworker, a lot of
things were pointed out to me that don't quite make a lot of sense.
Please avoid "me too" replies.  If there's some sort of option

I wanted to get an idea of what things people used.  I can think of
possible uses for tons of this stuff, I want more "in active use" data.

logto: rule option?  I've never thought of using it instead of binary
logging and tagging. 

customized ruletypes? Some people using these to move different alerts
to different output methods. Anything else?

activate/dynamic ( this functionality will be thrown into tagging
somehow )?

content-list:
session:

Variable usage like:
$(var:-default) or $(var:?warn)

I think changing the variable descriptions to fatal if undefined would
go a long way in fixing learning snort configuration woes.

A lot of these things are cruft that's accumulated over the years and
when code is cleaned up, a lot of this cruft can be cleaned up /
eliminated.  If there is functionality that's important or a usage I'm
not thinking of, please let me know.
-- 
Chris Green <cmg () uab edu>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net