[Snort-sigs] Multiple Keyword Sig, is it possible?

Erik de Castro Lopo erikd+snort at ...2555...
Wed Jun 16 22:43:04 EDT 2004

On Thu, 17 Jun 2004 00:21:36 -0500
Jeffrey Lowe <jeffrey.lowe at ...2440...> wrote:

> Is it possible to create a sig that will trigger on a variety of keywords 
> instead of needing a separate sig for each keyword? Such as a sig that 
> triggers on one of twenty different keywords?

Errr, PCRE?


Should trigger on any of the above words.

However, according to this:


using PCRE without a CONTENT rule is not recommended.

[N] Erik de Castro Lopo, Senior Computer Engineer
[E] erik.de.castro.lopo at ...2555...
[W] http://www.sensorynetworks.com
[T] +61 2 83022726 
[F] +61 2 94750316 
[A] L4/140 William St, East Sydney NSW 2011, Australia
A good debugger is no substitute for a good test suite.

More information about the Snort-sigs mailing list