hi,

> it's compiled C code, so whatever affects portability of that will
> affect compiled rulesets too.

likely depends on choices of compile-time optimization, i think. need to read up, and check if/what presumptions are made by sa-compile process.

i've cross-compiled across different arch's within a CPU family before, so that's not an issue. i've *not* done so across different CPUs (e.g., PPC vs x86), so that'll need some investigation.

assuming 'all that' gets ironed out, is it sufficient to simply 'push' the "/compiled" dir's contents to each box -- with a HUP of SA, i'd guess? or does each SA instance need to be otherwise 'informed' of the presence/change of compiled rules/files?

thanks!