To try and understand how to import a set of snort rules of my own (namely the emergingthreats.net basis), I started doing a lot of reading...
After reading many postings here about snort rules and why there's 11k plus snort rules vs just under 3000 here...and further comments on the why are not all the rules active...are the untangle staff smarter, etc...
At the end of it, I understand two things...
1. this is a layer 7 filter so 75% of the snort rules are not applicable.
2. lots of people want all the logging and maybe enable them, regardless of the 100 pages you need to manually parse to activate them if you wish.
I can't help on my quest yet...give me another day or two... nor improve the 75% you may think have been dropped...
That said, if you want to turn all logging for all the rules, this little bit of code run from the terminal will do that for you... you can verify from the gui easily enough...
update n_ips_rule set log = 't';
If you instead want to activate them all (no going back to their prechosen options easily except a reload (or backup restore which you're on your own for)
update n_ips_rule set live = 't';
Hope that helps....
And with any luck, I hope to get some instructions up on how to bulk import a set of snort rules such as those from www.emergingthreats.net