order of rules in rule files?

[Marc Dreher <MarcDreher () gmx net>]

Hi,

I have a question on the order of the rules in the default snort rules
files. I am thinking of a way to keep track of changes made to the default rules
files. If I update the rules I want to know which rules changed.
Mostly, the rules are ordered by increasing sids, but only mostly. Is there
some higher logic behind the ordering? Do new rules to a default ruleset just
get appended to the file or are they somehow inserted into the file (grouped
with other rules of the same kind / vulnerability etc?)
Diff as a possibility to compare the rulefiles would be easyest, but I am
not sure if this is relyable.
Definitly relyable would be to sort the rules in each file by sid and then
compare. Do I break the above mentioned higher logic if doing that :-)

Thanks for any comment.

Cheers
Marc

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users