Snort mailing list archives
Slow snort Initialization.
From: Ralph Crongeyer <ralph () crongeyer com>
Date: Thu, 10 May 2007 12:43:28 -0400
Hi list, I'm new to snort and the list. We (my company) are in the process of updating our snort version from 2.4 to 2.6.1.4 and I am having this problem (if it is a problem). Background: Debian "Etch" libpcap (most current version) from http://public.lanl.gov/cpw/ (Phil Wood's libpcap) compiled from source. snort 2.6.1.4 compiled from source with libpcap compiled in (static). Configured like this: LDFLAGS=-static ./configure --enable-pthread --disable-dynamicplugin --with- libpcap-includes=/opt/libpcap-0.9x.20070323 --with-libpcap- libraries=/opt/libpcap-0.9x.20070323 Problem: It takes up to 6 min to initialize. 6 min to go from this: ############################################ Initializing Network Interface eth2 OpenPcap() device eth2 network lookup: eth2: no IPv4 address assigned Decoding Ethernet on interface eth2 ############################################ to being ready to snort: ############################################ --== Initialization Complete ==-- ,,_ -*> Snort! <*- o" )~ Version 2.6.1.4 (Build 54) '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 1998-2007 Sourcefire Inc., et al. Using PCAP_FRAMES = 32768 ############################################ We have alot of rules... however our previous version (2.4) processes everything and is initialized in seconds? Can anone help me speed this up? Thanks Ralph ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Slow snort Initialization. Ralph Crongeyer (May 10)
- Re: Slow snort Initialization. Joel Esler (May 10)