Snort mailing list archives

Query for fast_pattern override


From: Arvind Kumar <arvind.kumar12 () gmail com>
Date: Fri, 23 Aug 2013 14:10:16 +0530

Hello Guys,

I have the following query on fast_pattern. Our snort.conf file has
max-pattern-len 20 for fast_pattern. I have only used the fast_pattern
keyword (here I have not used fast_pattern:only; or fast_pattern:x,y;) in the
rule for the content which is more than 20 bytes, to change the default Snort
behavior of longest content as fast_pattern candidate.

My question: will the "fast_pattern" keyword with a content size greater
than 20 bytes override Snort's default longest content as fast_pattern
candidate, and will it also override the max-pattern-len 20, or should I use
fast_pattern:only; to override the max-pattern-len and Snort's default
longest content as fast_pattern?

Warm Regards

Arvind Kumar