Robert - elists wrote:
> Greetings
>
> Is using sa-compile the standard now?
>
> ... or are most organizations still just using the stock formatted
> rulesets?
>
> If not the standard, is it the SA recommended standard?
>
> I know there can be problems or issues, yet if we do use sa-compile as
> instructed by the documentation, should we be on the lookout for any
> specific issues in logs or operations?
>
> Thanks and kind regards!


I would say that sa-compile is the preferred method due to its
performance benefits. There aren't many (any?) drawbacks to using it.

That said, I still cannot get it to work on my system. Everything works
fine with the standard rulesets, but as soon as I enable the compiled
rules, I start getting lots of errors in the logs about duplicated
rules. Nobody had any suggestions for me when I posted this problem, so
apparently it's not affecting a lot of people, but keep an eye on your
logs after enabling it.

Other than that, just keep in mind that you will need to add the
sa-compile command to your update scripts. sa-update will not compile
the updated rules for you.

--
Bowie