[Snort-users] Pattern Match in Content

Dan Fiorito danf at ...1406...
Tue Feb 26 14:18:15 EST 2002


Does anyone know of a way to pattern match in the content option of a
rule. I have read the Regex option and think this is the way to do it. I
am trying to match a part number format of   XX-XXX-XXXX.

 Would this come at a high cost in terms of overhead? Does this example
make sense.

(flags: A+; content: "**-***-****"; regex; msg: "Internal Part Number";)

Thanks




More information about the Snort-users mailing list