[Snort-openappid] Some initial Queries on openappid

Mike Stepanek (mstepane) mstepane at ...5...
Tue May 26 08:34:17 EDT 2015


1) If you add an app ID, there's no need to recompile, but you do need to restart Snort.

2) Yes, OpenAppID makes use of a lot of the same pattern matching engines that were already in Snort.

3) Which reference to "ac split" are you referring to?  It's most likely completely unrelated.  Most likely, it's referring to a feature that we'd worked on here related to some basic refactoring of preprocessor configurations.

- Mike Stepanek
   mstepane at ...5...

From: sripaduka R [mailto:padukaietf at ...8...]
Sent: Tuesday, May 26, 2015 8:16 AM
To: snort-openappid at lists.sourceforge.net
Subject: [Snort-openappid] Some initial Queries on openappid

Hi
 Am new to snort and openappid - going through the Lua APIs.

  Some initial queries :

 -- does adding an appid warrant a recompilation  and/or restart of the snort exe or is the database constructed on the fly ?

 -- does openappid internally use the same search engine as basic snort  -- saw a reference to AC split etc.  ?

- ac split .... : this is ..aho corasic.. ?

thanks
-- SAT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-openappid/attachments/20150526/c39ab421/attachment.html>


More information about the Snort-openappid mailing list