Snort mailing list archives

Re: Snort takes prohibitively huge time for multiple pcap files

From: "Bhargava Jandhyala (bjandhya)" <bjandhya () cisco com>
Date: Thu, 19 Jan 2017 12:43:30 +0000

Also share the snort.conf and complete cmd

From: "Bhargava Jandhyala (bjandhya)" <bjandhya () cisco com>
Date: Thursday, 19 January 2017 at 5:56 PM
To: "Asad, Hafiz ul" <Hafiz-ul.Asad () city ac uk>, "snort-users () lists sourceforge net" <snort-users () lists 
sourceforge net>
Subject: Re: [Snort-users] Snort takes prohibitively huge time for multiple pcap files

Can you please share the pcap’s.

From: "Asad, Hafiz ul" <Hafiz-ul.Asad () city ac uk>
Date: Monday, 16 January 2017 at 3:24 PM
To: "Bhargava Jandhyala (bjandhya)" <bjandhya () cisco com>, "snort-users () lists sourceforge net" <snort-users () 
lists sourceforge net>
Subject: Re: [Snort-users] Snort takes prohibitively huge time for multiple pcap files


The cmd I used is,

-pcap-list="pcap1 pcap2"

Asad

________________________________
From: Bhargava Jandhyala (bjandhya) <bjandhya () cisco com>
Sent: Sunday, January 15, 2017 6:16:35 AM
To: Asad, Hafiz ul; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort takes prohibitively huge time for multiple pcap files

Hi

Can you please share the cmd that used for running the pcaps list.

Thanks,
Bhargava

From: "Asad, Hafiz ul" <Hafiz-ul.Asad () city ac uk>
Date: Friday, 13 January 2017 at 10:56 PM
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] Snort takes prohibitively huge time for multiple pcap files

Snort Users,

I have two pcap files (about 600 MB each), if I analyse them one-by-one, it took snort 2.9.8.0 about 1 mint 10 sec to 
process them. But if I use any option of multiple files, e.g. --pcap-list “<list>”, it takes like forever for snort to 
finish and I have to manually stop it. Any solution for this?


Asad

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort takes prohibitively huge time for multiple pcap files Asad, Hafiz ul (Jan 13)
- Re: Snort takes prohibitively huge time for multiple pcap files Bhargava Jandhyala (bjandhya) (Jan 14)
  - Re: Snort takes prohibitively huge time for multiple pcap files Asad, Hafiz ul (Jan 16)
    - Re: Snort takes prohibitively huge time for multiple pcap files Bhargava Jandhyala (bjandhya) (Jan 19)
    - Re: Snort takes prohibitively huge time for multiple pcap files Bhargava Jandhyala (bjandhya) (Jan 19)
    - Re: Snort takes prohibitively huge time for multiple pcap files Asad, Hafiz ul (Jan 19)