Will 'sh conf' output of the 5.0 code list all enabled signatures or just those tuned ones?

I am trying to convert this snort sig and would like to shun the attacker. alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential SSH Brute Force Attack"; flow:to_server,established; flags:S; threshold:type limit, track by_src, count 5, seco...

Is it recommended to enable all sensing interfaces (eth7&8) in this case?I actually tried to, but it seems that all traffic always go to eth7. Am I missing something?Thanks!

We are using a Catalyst 6000 to load balance traffic from various switches into several ids sensors. We span each switches and forward the traffic to ports with different VLANs on the Catalyst 6000 to make sure that the traffic coming in the 1st por...

Is there a more detail info than the nsdb pages on what exactly each signature is looking for?