* Michael Starks <[email protected]> [2014-03-20 21:00:03 -0500]:
On 03/20/2014 02:02 PM, Vic Hargrave wrote:
One problem with this that I can see is keeping the rule ids for new
rules unique. We'd have to figure out how to set aside rule id ranges
that would serve as namespaces or at least log the ids used by people as
they add rules. If we do this we should have a well maintained READ me
that identifies the rule ID ranges and what they do.
When I used to add support for new applications, Daniel C would assign
me a range to use, depending on how many rules I thought I might
create. It was very much like getting assigned a class C, and also had
the associated issues (wasting rule space, etc). There was a page
which has all of the defined rule spaces. It should be around
somewhere--heck, maybe even in the Wayback machine. :) The user space
is also well defined and should not change for legacy reasons.
It's in the repo:
https://github.com/ossec/ossec-hids/blob/master/doc/rule_ids.txt
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
