Snort mailing list archives
Re: Change detection engine in Snort
From: wkitty42 () windstream net
Date: Mon, 6 Nov 2017 09:15:02 -0500
On 11/06/2017 01:26 AM, mohammed albasha via Snort-users wrote:
Hi everyone I want to ask one question about detection engine,My question is : How can I change the detection method engine in snort ( the default is AC algorithm) toWu-manber algorithm?
from an old post back in 2014... [quote] 2014-03-13 10:57 GMT-03:00 Bhagya Bantwal (bbantwal) <bbantwal () cisco com>: Hello Anacleto JĂșnior, The detection method with the snort.conf we ship is ac-split. The default in the code is ac-bnfa. Both detection methods are low on memory and high on performance. The optimal detection method depends on the rule set you have. Thank you! Bhagya [/quote]with that said, you need to look at your snort.conf file, Step #3, and study README.decode as well as the snort manual... specifically section 2.1.3.1...
[quote] #################################################### Step #3: Configure the base detection engine. For more information, see README.decode
################################################### [...]# Configure the detection engine See the Snort Manual, Configuring Snort - Includes - Config
config detection: search-method ac-split search-optimize max-pattern-len 20 [/quote]if that doesn't help you then you'll likely have to break out your code editor and compiler to create such an algorithm... i don't recognize the one you wrote... at least not in the context of snort...
-- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.* _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Change detection engine in Snort mohammed albasha via Snort-users (Nov 05)
- Re: Change detection engine in Snort wkitty42 (Nov 06)
- Download all Rule set mohammed albasha via Snort-users (Nov 19)