[Oisf-wg-ruleslanguage] OISF Rules Syntax Working Group Kickoff

Frank Knobbe frank at knobbe.us
Fri Jul 31 19:02:37 UTC 2009


On Fri, 2009-07-31 at 10:39 -0700, Brian Rectanus wrote:
> I don't particularly care for XML for this.  While it is nice for
> interoperability (i.e. for machines to read), it is a real pain to write
> rules with this syntax (too verbose and too error prone to write by
> hand in vim, heh).  I'd much rather see a simpler rule language that
> is easy for humans to write and, probably more important, read and
> understand.

I agree. My use of tags was just a section break to signal the parser
that a different type of rule follows. I should have used "[snort]", but
then Shirkdog would have complained that it looks too much like
Windows ;)

Human readable and easy to read/write/remember/comprehend are key. 

Cheers,
Frank
