[Snort-devel] Multirule inspection engine

Marc Norton marc.norton at ...402...
Mon Jun 23 12:54:14 EDT 2003


The Wu-Manber and most multi-pattern search engines find all occurrences of
patterns. However, remember Snort only logs one event per packet. So, we
queue up all of the occurrences, and select one. Usually the longest content
that matches is considered the most significant and accurate. Someday we'll
log multiple packets.
 
-----Original Message-----
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net] 
Sent: Monday, June 16, 2003 3:54 PM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Multirule inspection engine
 
Does the engine (based on the Wu-Manber algorithm) find all the occurrences of a
pattern in a packet, or the first one?
 
Antonatos Spiros
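
The queue-and-select step described in the reply above, as an added example that is not part of the original thread and is not Snort's code. A naive scan stands in for Wu-Manber; the `Rule` and `Match` types, the sample rule contents and payload, and the earliest-offset tie-break are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this example; not Snort's own structures. */
typedef struct { int rule_id; const char *content; } Rule;
typedef struct { int rule_id; size_t offset, len; } Match;

/* Constructed sample rule contents and payload. */
static const Rule RULES[] = { {1, "USER "}, {2, "USER root"}, {3, "root"} };
static const char PAYLOAD[] = "USER root\r\nPASS x\r\nUSER guest\r\n";

/* Naive scan standing in for Wu-Manber: queues every occurrence of every
 * rule content and returns the number queued (at most max). */
size_t find_all(const char *pkt, size_t pkt_len, const Rule *rules,
                size_t n_rules, Match *queue, size_t max)
{
    size_t n = 0;
    for (size_t r = 0; r < n_rules; r++) {
        size_t len = strlen(rules[r].content);
        if (len == 0) continue;
        for (size_t off = 0; off + len <= pkt_len && n < max; off++)
            if (memcmp(pkt + off, rules[r].content, len) == 0)
                queue[n++] = (Match){ rules[r].rule_id, off, len };
    }
    return n;
}

/* Pick the one event to log: longest content wins. Breaking ties by
 * earliest offset is an assumption of this example. NULL if queue empty. */
const Match *select_event(const Match *queue, size_t n)
{
    const Match *best = NULL;
    for (size_t i = 0; i < n; i++)
        if (!best || queue[i].len > best->len ||
            (queue[i].len == best->len && queue[i].offset < best->offset))
            best = &queue[i];
    return best;
}

int main(void)
{
    Match queue[16];
    size_t n = find_all(PAYLOAD, sizeof PAYLOAD - 1, RULES, 3, queue, 16);
    const Match *ev = select_event(queue, n);
    printf("%zu matches queued\n", n);
    if (ev)
        printf("logged: rule %d at offset %zu (len %zu)\n",
               ev->rule_id, ev->offset, ev->len);
    return 0;
}
```

Four occurrences are queued for this payload, but only the `USER root` match is selected, so the shorter overlapping contents never produce their own event.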
 