[Snort-sigs] Snort Rule optimizer

Daniel J. Roelker droelker at ...435...
Thu May 27 07:00:09 EDT 2004


Sourcefire has whitepapers on the design and implementation of the Snort
2.0 detection engine (since Sourcefire paid for the design and
development).  You can check them out at:

http://www.sourcefire.com/technology/whitepapers.html

Dan

On Thu, 2004-05-27 at 05:27, skaf wrote:
> Hello,
>  
> I am new to your mailing list and to snort, i am doing a research on
> Snort IDS and especially on how the preprocessors and detection engine
> works, 
>  
> I read about the new detection engine and the rule optimiser, I bought
> the new snort 2.1 book but I cant find lots of documentation on how the
> rule Optimiser works (and the Multi rule pattern match)
>  
> Anyone have links on where do i get useful information about these
> subjects ?
>  
> Does the Rule optimiser creates the Rule sets on every packet or they
> are created during initialisation ?
>  
> Thanks
>  
> Rawad
>  
-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.





More information about the Snort-sigs mailing list