Snort mailing list archives

Snort PCRE prefilter


From: Isturary Fw <istuary.fw () gmail com>
Date: Fri, 2 Sep 2016 09:13:10 -0400

Hi Snort Users.
I've been using Snort for a while now and would like to first thank all the
developers for all their efforts put into the software.
I have a quick question for the development team.
I would like to obtain statistics on the Snort PCRE prefilter
functionality. In particular, what I'm interested in is seeing the
percentage of rules that do not get applied because of the PCRE
pre-filtering options, such as the fast_pattern option.
If there is no such functionality, can you please point me in the right
direction so I can add some code to accomplish this?
At the end of the day I would like to know, for example when scanning a
particular PCAP, how many rules were pre-filtered on all packets that were
scanned vs. the rules that were searched with PCRE.

Also, it states in the manual that:
The fast_pattern keyword is a content modifier that sets the content within
a rule to be used with the fast pattern matcher. The default behavior of
fast pattern determination is to use the longest HTTP buffer content

Does the fast_pattern option work on other protocols besides HTTP?

Thank you in advance for all the help.