[Snort-sigs] Snort Rule optimizer

Daniel J. Roelker droelker at ...435...
Thu May 27 07:00:09 EDT 2004

Sourcefire has whitepapers on the design and implementation of the Snort
2.0 detection engine (since Sourcefire paid for the design and
development).  You can check them out at:



On Thu, 2004-05-27 at 05:27, skaf wrote:
> Hello,
> I am new to your mailing list and to snort, i am doing a research on
> Snort IDS and especially on how the preprocessors and detection engine
> works, 
> I read about the new detection engine and the rule optimiser, I bought
> the new snort 2.1 book but I cant find lots of documentation on how the
> rule Optimiser works (and the Multi rule pattern match)
> Anyone have links on where do i get useful information about these
> subjects ?
> Does the Rule optimiser creates the Rule sets on every packet or they
> are created during initialisation ?
> Thanks
> Rawad
Daniel Roelker
Software Developer
Sourcefire, Inc.

More information about the Snort-sigs mailing list