[Bro] Questions on regular expression syntax in BRO system
tianxin at mail.ustc.edu.cn
tianxin at mail.ustc.edu.cn
Sun May 30 00:34:26 PDT 2010
Hello:
I am from a research group interested in NIDS, our group has developed several ways to improve regex engine performance and decides to do experiments based on real open-source NIDS system.
However, it takes too much time to read bro code and find what we need, so here we need your help . We will appreciate if anyone can answer our questions.
The Question:
1 We know that bro uses regular expression, but we didn't find anything about the syntax of the regular expression applied. We want to know where to obtain related information. (As far as we know ,the snort system uses pcre regex engine whose syntax is perl compatible, how about bro? )
2 Does bro implement a regex engine itself? Or does it use some regex engine library? If it implements an engine, then which part of code is it? If it uses a library, then could you tell me what library it uses?
More information about the Bro
mailing list