Snort mailing list archives

Re: Choosing Config detection - search-method


From: Anacleto Junior <suporte.anacleto () gmail com>
Date: Thu, 13 Mar 2014 11:37:22 -0300

Oh thanks.

Now it's clear to me. I think that using ac-split is better for me
for now. I have to study more about Snort to start changing some advanced
options.

Thank you for your response.


2014-03-13 10:57 GMT-03:00 Bhagya Bantwal (bbantwal) <bbantwal () cisco com>:

 Hello Anacleto Júnior,

 The detection method with the snort.conf we ship is ac-split. The
default in the code is ac-bnfa. Both detection methods are low on memory
and high on performance.

 The optimal detection method depends on the rule set you have.

 Thank you!
Bhagya

  From: Anacleto Junior <suporte.anacleto () gmail com>
Date: Tuesday, March 11, 2014 12:51 PM
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>

Subject: [Snort-users] Choosing Config detection - search-method





-- 
Anacleto Júnior
IT and Network Analyst
Linux User: #447388