[Snort-devel] Multirule inspection engine
marc.norton at ...402...
Mon Jun 23 12:54:14 EDT 2003
The Wu manber and most multi-pattern search engines find all occurrences of
patterns. However, remember snort only logs one event per packet. So, we
queue up all of the occurrences, and select one. Usually the longest content
that matches is considered the most significant and accurate. Someday we'll
log multiple packets.
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net]
Sent: Monday, June 16, 2003 3:54 PM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] Multirule inspection engine
The engine (based on wu manber algorithm) finds all the occurrences of a
pattern in a packet or the first one?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4808 bytes
Desc: not available
More information about the Snort-devel