Re: disable Verifying Preprocessor Configurations

[Joel Esler <jesler () sourcefire com>]

You are loading 50 thousand rules, and you are wondering why Snort is taking a long time to start up?


On Jul 7, 2011, at 5:25 PM, Hussein Bahaidarah wrote:

> Hi,
>
> Yes, all lines are commented out. by the way, I am using beta version 2.9.1. Snort initialization shows that no 
> preprocessor rules are used.
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> 50001 Snort rules read
>    50001 detection rules
>    0 decoder rules
>    0 preprocessor rules
> 50001 Option Chains linked into 1 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> On Jul 7, 2011, at 9:46 PM, waldo kitty wrote:
>
> On 7/7/2011 15:26, Hussein Bahaidarah wrote:
> > Hello,
> >
> > I am not using any preprocessor.
>
> really? no preprocessors at all?? each and every one of them are commented out 
> in your snort.conf?
>
> > However, still snort does the "Verifying Preprocessor Configurations" step at the loading stage. Is there any way to 
> > turn this off as it takes long time as the rule file grows.
> >
> > "
> > Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
> > Verifying Preprocessor Configurations!
> > "
> >
> > Thanks
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security 
> threats, fraudulent activity, and more. Splunk takes this data and makes 
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please see http://www.snort.org/docs for documentation
>
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security 
> threats, fraudulent activity, and more. Splunk takes this data and makes 
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please see http://www.snort.org/docs for documentation


------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation