Snort mailing list archives
Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info
From: "John York" <YorkJ () brcc edu>
Date: Fri, 17 Nov 2006 12:01:29 -0500
-----Original Message-----
From: James Lay [mailto:jlay () slave-tothe-box net]
Sent: Friday, November 17, 2006 11:17 AM
To: 'Snort'
Subject: Re: [Snort-users] 2.6.1 and LOOOONG startup times plus more ignore_scanners info

And HOLY SMACKERS! Ac-bnfa sure made a difference! Tested with that and now snort is using 9% of memory, and init time was less than a minute!

HOLY SMACKERS indeed! I was having similar problems--thought my snort had gone into an infinite loop since it took so long to start. ac-bnfa made no sense to me, so I RTFM. No help there, so in desperation I RTFRL. There I found this:

* Smaller memory footprint pattern matcher using Aho-Corasick, using NFA. Use 'config detection: search-method ac-bnfa' to enable. This will become the default pattern matcher in future releases. Wu-Manber has been deprecated (mwm).

Now life is good again (more or less.)

Thanks
John

Current thread:
- 2.6.1 and LOOOONG startup times plus more ignore_scanners info James Lay (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info Justin Heath (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info James Lay (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info John York (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info James Lay (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info Nigel Houghton (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info James Lay (Nov 17)
- Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info Justin Heath (Nov 17)