Inline config won't pass DHCP

[Glenn Fowler <gfowler1 () outlook com>]

Hello all,

I have been trying  figure this out for a while now. Running 2.9.7.2
inline. If my modem is power cycled, the DHCP info (discover, offer,
request, ack) will not pass through snort. No rules are fired. However, if
I connect the modem directly to the router bypassing snort until the DHCP
lease is established and then physically reconnect snort back inline,
traffic flows fine. I can even then do a DHCP release and renew with snort
inline and it works, so I know snort is passing that UDP traffic fine.

My first though was to increase the UDP timeout from the default 30,
because of the modem power-up time: preprocessor stream5_udp: timeout 180

After changing, the logs show:

Sun May  8 18:30:19 2016 daemon.notice snort[8460]:     UDP cache pruning
timeout: 30 seconds
Sun May  8 18:30:19 2016 daemon.notice snort[8460]:     UDP cache nominal
timeout: 180 seconds

I haven't found anywhere is change "UDP cache pruning timeout". Can this be
changed or am I going completely in the wrong direction?

Any help appreciated...
Glenn

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!