> Why do you need to modify the RPM at all? What stops you from
> creating an
> e-smith-snort RPM to add e-smith compatible configuration?
I was actually thinking of a three step process.
I wanted to have a release of snort available immediately as an after-market
bolt on that is compatible with e-smith. I want to spend my time right now
perfecting the rulesets.
Phase two was spending some time on making e-smith specific rule sets to
minimize any packet performance loss while effectively watching the system.
Phase three was a fully compatible e-smith rpm add on using template
fragments etc.
Of course I could always just do it the "right" way from the start but I was
hoping to be working on the rules by this afternoon and Maximum RPM is more
than a 2 hour read :)
I have tried a few other things and nothing is working on this spec so it
looks like I will have to build my own anyways. No shortcuts today.
Thanks Charlie, I am sure I will have more questions...
Justin
