Snort mailing list archives

Re: Rule efficiency


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 23 Jul 2010 15:00:47 -0400

On 7/23/2010 13:38, Isherwood, Jeffrey - IS wrote:
> I’m on the lookout for some traffic to several domains that I have been asked to
> monitor… and I’m wondering which is more efficient, several rules that each only
> look for a domain name – or one rule that looks for many domain names at once?
>
> Currently I’m doing the one at a time method, but the list of domains I need to
> monitor just quadrupled and I am unsure which would be more efficient…

multiple rules are more efficient... rules with regex are not as efficient...

there are times, however, where one might decide to go with the regex for 
numerous reasons... rule maintainability being one of those...
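
The two rule styles compared in this reply, as an added example that is not part of the original thread: a generator that turns one domain list into either one `content` rule per domain or a single `pcre` rule, so the per-domain form stays maintainable. It assumes the monitored traffic is DNS lookups over UDP/53 (the thread does not say which protocol); the domain list, SID range and function names are constructed for the example.

```python
import re

# Constructed sample list; the thread does not name the monitored domains.
DOMAINS = ["example.com", "tracker.example.net", "bad-host.example.org"]
BASE_SID = 1000001  # local-rule SID range; the starting value is an assumption

LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def labels(domain):
    """Split a domain into validated lowercase DNS labels."""
    parts = domain.strip().lower().rstrip(".").split(".")
    if len(parts) < 2 or not all(LABEL.match(p) for p in parts):
        raise ValueError(f"not a plain hostname: {domain!r}")
    return parts

def wire_content(domain):
    """Snort content string for the DNS wire form (length-prefixed labels)."""
    return "".join(f"|{len(p):02X}|{p}" for p in labels(domain)) + "|00|"

def wire_regex(domain):
    """The same bytes written as a PCRE fragment."""
    return "".join(f"\\x{len(p):02x}{p}" for p in labels(domain)) + "\\x00"

def per_domain_rules(domains, base_sid=BASE_SID):
    """One content rule per domain; each literal can feed the fast pattern matcher."""
    return [
        f'alert udp $HOME_NET any -> any 53 (msg:"Monitored domain lookup {d}"; '
        f'content:"{wire_content(d)}"; nocase; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]

def single_pcre_rule(domains, sid):
    """One regex rule; with no content option, pcre is evaluated on every
    packet that matches the rule header."""
    alternation = "|".join(wire_regex(d) for d in domains)
    return (f'alert udp $HOME_NET any -> any 53 (msg:"Monitored domain lookup"; '
            f'pcre:"/(?:{alternation})/i"; sid:{sid}; rev:1;)')

if __name__ == "__main__":
    print("\n".join(per_domain_rules(DOMAINS)))
    print(single_pcre_rule(DOMAINS, BASE_SID + len(DOMAINS)))
```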
