Snort mailing list archives
Re: Snort searching algorithm
From: Y M <snort () outlook com>
Date: Tue, 13 May 2014 04:43:05 +0000
P.S.: Please reply to the entire list so everyone can benefit/participate, and not only to the person who replied to your request.

If I am understanding your request right, then there are several preprocessors through which the packet stream passes before it hits the detection engine (I guess?, logically speaking). For example, packet decoders and the reputation preprocessor get to process packets before the detection engine. However, these preprocessors also have rules (text or SO rules) and will log certain traffic anomalies (rules) or when a blacklisted IP is matched by the reputation preprocessor, respectively. My understanding is that these preprocessors will output directly to the output plugin, as opposed to "consulting" with the detection engine before the actual output is made.

YM

Date: Mon, 12 May 2014 18:48:42 -0400
Subject: RE: [Snort-users] Snort searching algorithm
From: bontupalliv1 () udayton edu
To: snort () outlook com

Thanks for the reply... Is there a possibility to log the preprocessor data before it hits the detection engine? If so, what can be the code/conf changes?

On May 9, 2014 4:25 PM, "Y M" <snort () outlook com> wrote:
From the documentation: http://manual.snort.org/node16.html#SECTION00313000000000000000. Look for "config detection: [search-method <method>]", this should help.
YM

Date: Fri, 9 May 2014 14:32:27 -0400
From: bontupalliv1 () udayton edu
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort searching algorithm

Dear snort users,

Could anyone please tell me what pattern matching algorithm(s) Snort uses in the detection engine for detecting malicious packet content against its rules content?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort searching algorithm Venkataramesh Bontupalli (May 09)
- Re: Snort searching algorithm Y M (May 09)
- Message not available
- Re: Snort searching algorithm Y M (May 12)
- Re: Snort searching algorithm Venkataramesh Bontupalli (May 13)
- Message not available
- Re: Snort searching algorithm Y M (May 09)