Snort mailing list archives

Policy-Based monitoring


From: "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG>
Date: Wed, 13 Oct 2004 08:47:28 -0400

Hi there --

I got Snort to operate successfully and alerts are appearing on the ACID
console. My next step is to refine the monitoring, and to that end the approach
that I was planning on taking was using a policy-based.rules file. I will be
modifying the snort.conf file to include the line: include
$RULE_PATH/policy-based.rules.

The questions I have are, does the position of the new line matter? Should I put
the new line at the beginning of the include statements or after them? Also,
besides adding the line is there anything else that I need to do to Snort, or is
simply adding the above line sufficient? Thanks.

