[Snort-users] Regarding pattern Matching

Govind govind at ...14232...
Fri Nov 16 16:06:24 EST 2007


Hi all,

I have written the Aho Corasick algorithm in C (corresponding to AC_FULL
option in snort) as a part of my thesis. While running the Aho Corasick
Algorithm with the snort rule set I noticed that while the Data
structure (the tree like structure of the algo) consumes 53 MB the
storage for the matched rules is 800 MB. Is this really the case or have
I missed something. I tried running the acsmx.c file in the snort
distribution with the snort rule set but the program is getting killed. 

Also in order to build the automaton I used the characters following the
content keyword in the rules. 

Thanking You

Regards
Govind





More information about the Snort-users mailing list