Snort mailing list archives

Active Rules & Management


From: Alessandro Sforzin <reg.regedit () gmail com>
Date: Thu, 11 Jun 2015 11:06:44 +0200

Hello everyone,
I'm pretty new to SNORT and I've just started playing a little bit with it
on my home network.

I have a couple of questions.

1. How many rules are too many rules?

When I download the rule sets using a script like pulledpork and then run
SNORT, the status report says that I have loaded some 24K rules.
I understand that the more rules you use, the more resources SNORT will
consume, but let's suppose we are in a scenario in which you
don't have to worry about CPU/Memory usage.
Is there a point in using ALL possible rules, or is it generally
recommended to tailor the rule configurations to your specific needs?

2. Do you use scripts like pulledpork (which creates a single file for all
the rules) or do you prefer to keep them in their separate .rules files?

Thanks in advance
