I am new to the Astaro world, but not Snort. Love your product, but why have you guys created a flat file for your IPS rules? Performance reasons and manageability would dictate split rule sets for easier future manipulations......
IPS = 11204
# wc -l astaro.rules
11204 astaro.rules
All the rules that have been included in your GUI correspond to one file.
Snort.conf
###################################################
# Step #7: Customize your rule set
# For more information, see Snort Manual, Writing Snort Rules
###################################################
include $RULE_PATH/astaro.rules
----Snippet----
Why would you not classify your rules into a variation of Snort rules:
astaro.attack-responses.rules
astaro.backdoor.rules.
Or something easier to manage.
That way you can cleanly update sets as needed once Astaro has verified a legitimate rule set? Or if you want to turn on a specific set(s) of rules?
Great product though!
Thanks.
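The split the post asks about, as an added example that is not part of the original post and is not Astaro's code. It assumes grouping by each rule's `classtype` option, because a flat file does not record the stock Snort file categories the post names; the `astaro.` prefix follows the post's suggested file names, and the sample rules are constructed.

```python
import re
from collections import defaultdict

# Constructed sample standing in for a flat rules file.
SAMPLE_RULES = '''\
# constructed sample, not real Astaro rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample web probe"; classtype:web-application-attack; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"sample response"; classtype:successful-admin; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 31337 (msg:"sample disabled rule"; classtype:trojan-activity; sid:1000003; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"sample without classtype"; sid:1000004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"sample web probe 2"; \\
    classtype:web-application-attack; sid:1000005; rev:1;)
'''

ACTIONS = r"(?:alert|log|pass|drop|reject|sdrop)"
RULE_RE = re.compile(rf"^\s*(#\s*)?{ACTIONS}\s.*\(.*\)\s*$", re.S)
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([\w-]+)\s*;")

def join_continuations(text):
    """Merge lines ending in a backslash into one logical rule line."""
    logical, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1].rstrip() + " "
        else:
            logical.append(buf + line.strip() if buf else line)
            buf = ""
    return logical + ([buf.strip()] if buf else [])

def split_rules(text, prefix="astaro"):
    """Return {file name: [rule lines]}; disabled (commented) rules stay disabled."""
    groups = defaultdict(list)
    for line in join_continuations(text):
        if not RULE_RE.match(line):
            continue  # blank lines and plain comments carry no rule
        m = CLASSTYPE_RE.search(line)
        category = m.group(1) if m else "unclassified"
        groups[f"{prefix}.{category}.rules"].append(line)
    return dict(groups)

def include_lines(groups):
    """snort.conf include lines, one per generated file."""
    return [f"include $RULE_PATH/{name}" for name in sorted(groups)]

if __name__ == "__main__":
    print("\n".join(include_lines(split_rules(SAMPLE_RULES))))
```

Commenting out one of the generated `include` lines then disables that whole category without touching the others.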