| Administrators and Analysts with rules definition authority may export rules by selecting Rules -> Export from the menu bar. The rule definitions may be exported to all sensor hosts or an individual host by seleting Export to Network, or to a file by selecting Export to File. If the rule definitions are exported to the network, the message indicates that the result will be displayed in the Status information area of the left frame in the main window. This is because the transfer is actually performed by the DBD. When the sensor host receives the definitions, it backs up the existing definitions to as many as three backup files with the extensions, .0, .1, and .2. The analysis plugins are then shut down, all sessions reset for analysis to start from the beginning using the new definitions, and the plugins restarted. If the rule definitions are exported to files, they are written to a directory under the Realeyes directory in the user's home directory which is named for the sensor to receive the rules. |