[Snort-sigs] Question about pcre syntax
pauls at ...1311...
Sat Feb 16 15:10:34 EST 2008
Is this correct syntax for pcre? Or will it not work at all?
The intent is to provide a bunch of ors that would match after a previous
positive content match.
Would it be more efficient (less resource intensive) to write a separate
rule for each match, even though the entire rule would be the same except
for the second content match?
Paul Schmehl (pauls at ...1311...)
Senior Information Security Analyst
The University of Texas at Dallas
More information about the Snort-sigs