Snort mailing list archives
Re: disable Verifying Preprocessor Configurations
From: Hussein Bahaidarah <husseinb () gmail com>
Date: Fri, 8 Jul 2011 00:14:14 +0200
I am stress testing Snort with IXIA and I am building different scenarios for this test. One of the test scenarios involves a big number of rules. Regards, On Jul 8, 2011, at 12:08 AM, Will Metcalf wrote: I'm not sure what you are trying to accomplish with 50k rules, but I'm guessing you have the wrong tool for the job. Just my 2 cents... Regards, Will On Thu, Jul 7, 2011 at 4:57 PM, Hussein Bahaidarah <husseinb () gmail com> wrote:
Hello, 50K might be a lot. However, none of them need a preprocessor. My concern is why preprocessing verification is still taking place? On Jul 7, 2011, at 11:46 PM, Joel Esler wrote: You are loading 50 thousand rules, and you are wondering why Snort is taking a long time to start up? On Jul 7, 2011, at 5:25 PM, Hussein Bahaidarah wrote:Hi, Yes, all lines are commented out. by the way, I am using beta version 2.9.1. Snort initialization shows that no preprocessor rules are used. +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... 50001 Snort rules read 50001 detection rules 0 decoder rules 0 preprocessor rules 50001 Option Chains linked into 1 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ On Jul 7, 2011, at 9:46 PM, waldo kitty wrote: On 7/7/2011 15:26, Hussein Bahaidarah wrote:Hello, I am not using any preprocessor.really? no preprocessors at all?? each and every one of them are commented out in your snort.conf?However, still snort does the "Verifying Preprocessor Configurations" step at the loading stage. Is there any way to turn this off as it takes long time as the rule file grows. " Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Verifying Preprocessor Configurations! " Thanks------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- Re: disable Verifying Preprocessor Configurations, (continued)
- Re: disable Verifying Preprocessor Configurations waldo kitty (Jul 07)
- Re: disable Verifying Preprocessor Configurations Hussein Bahaidarah (Jul 07)
- Re: disable Verifying Preprocessor Configurations Joel Esler (Jul 07)
- Re: disable Verifying Preprocessor Configurations Hussein Bahaidarah (Jul 07)
- Re: disable Verifying Preprocessor Configurations Russ Combs (Jul 07)
- Re: disable Verifying Preprocessor Configurations Hussein Bahaidarah (Jul 07)
- Re: disable Verifying Preprocessor Configurations Russ Combs (Jul 07)
- Re: disable Verifying Preprocessor Configurations waldo kitty (Jul 07)
- Re: disable Verifying Preprocessor Configurations Russ Combs (Jul 08)
- Re: disable Verifying Preprocessor Configurations Hussein Bahaidarah (Jul 07)
- Re: disable Verifying Preprocessor Configurations waldo kitty (Jul 07)
- Re: disable Verifying Preprocessor Configurations Will Metcalf (Jul 07)
- Re: disable Verifying Preprocessor Configurations Hussein Bahaidarah (Jul 07)