Snort mailing list archives

Re: Change detection engine in Snort


From: wkitty42 () windstream net
Date: Mon, 6 Nov 2017 09:15:02 -0500

On 11/06/2017 01:26 AM, mohammed albasha via Snort-users wrote:
Hi everyone

I want to ask one question about detection engine,

My question is: How can I change the detection method engine in snort (the default is AC algorithm) to Wu-Manber algorithm?

from an old post back in 2014...

[quote]
2014-03-13 10:57 GMT-03:00 Bhagya Bantwal (bbantwal) <bbantwal () cisco com>:

Hello Anacleto Júnior,

The detection method with the snort.conf we ship is ac-split. The
default in the code is ac-bnfa. Both detection methods are low on memory
and high on performance.

The optimal detection method depends on the rule set you have.

Thank you!
Bhagya
[/quote]


with that said, you need to look at your snort.conf file, Step #3, and study README.decode as well as the snort manual... specifically section 2.1.3.1...


[quote]
###################################################
# Step #3: Configure the base detection engine. For more information, see README.decode
###################################################

[...]

# Configure the detection engine See the Snort Manual, Configuring Snort - Includes - Config
config detection: search-method ac-split search-optimize max-pattern-len 20
[/quote]


if that doesn't help you then you'll likely have to break out your code editor and compiler to create such an algorithm... i don't recognize the one you wrote... at least not in the context of snort...



--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
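
A small check for the setting discussed above, as an added example that is not part of the original post or of Snort itself: it reads snort.conf text, reports the configured search-method (falling back to the ac-bnfa code default mentioned in the quoted 2014 reply) and flags names that are not in the Snort 2.9 manual's list. The function names, the KNOWN_METHODS set (taken from the Snort 2.9 manual, not from this thread) and the constructed second sample are assumptions.

```python
import re

# Search methods listed for "config detection: search-method" in the
# Snort 2.9 manual (assumption: supplied by this example, not by the thread).
KNOWN_METHODS = {
    "ac", "ac-q", "ac-nq", "ac-bnfa", "ac-bnfa-q", "ac-bnfa-nq",
    "ac-split", "ac-std", "acs", "ac-banded", "ac-sparsebands",
    "lowmem", "lowmem-q", "lowmem-nq", "intel-cpm",
}
CODE_DEFAULT = "ac-bnfa"  # default in the code, per the quoted 2014 reply

# The line from the snort.conf excerpt quoted in the post.
SHIPPED_CONF = """\
# Configure the detection engine See the Snort Manual
config detection: search-method ac-split search-optimize max-pattern-len 20
"""
# Constructed sample: a method name Snort 2.9 does not list.
UNKNOWN_CONF = "config detection: search-method wu-manber\n"


def detection_settings(conf_text):
    """Return (search_method, other_options) parsed from snort.conf text."""
    method, options = CODE_DEFAULT, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        m = re.match(r"config\s+detection\s*:\s*(.*)$", line)
        if not m:
            continue
        tokens, options, i = m.group(1).replace(",", " ").split(), [], 0
        while i < len(tokens):
            has_value = i + 1 < len(tokens)
            if tokens[i] == "search-method" and has_value:
                method = tokens[i + 1]
                i += 2
            elif tokens[i] == "max-pattern-len" and has_value:
                options.append("max-pattern-len " + tokens[i + 1])
                i += 2
            else:                                  # flag-style option
                options.append(tokens[i])
                i += 1
    return method, options


def check(conf_text):
    """Summarise the detection setting and whether the method is listed."""
    method, options = detection_settings(conf_text)
    return {"method": method, "supported": method in KNOWN_METHODS,
            "options": options}
```

Running `check()` on a candidate snort.conf before restarting the sensor shows whether the search-method name is one the manual lists, and `snort -T -c <path to snort.conf>` remains the authoritative configuration test.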