Snort mailing list archives
Re: HOME_NET Limit?
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 17 Mar 2003 14:53:44 -0500
Well, I don't know about a parsing limit, however each added subnet is a serious performance impact. Last I heard, the devels were recommending not going over 10 or something on that order... 316 is probably totally unreasonable for snort to handle.
At 01:01 PM 3/17/2003 -0600, eelsten () mmm com wrote:
Can anyone tell me if there is a limit on the number of networks you can put in HOME_NET? I'm getting the following error, but I don't see a problem syntactically. I have 316 of them in there. Snort 1.9.0 is running under RH 7.3. Thanks! Initializing rule chains... ERROR line /etc/snort/snort.conf (29) => Unknown rule type: ,172.17.0.0/16 ... -- Eric Elsten 3M IT Telecommunications eelsten () mmm com 651-733-0541
-------------------------------------------------------This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HOME_NET Limit? eelsten (Mar 17)
- Re: HOME_NET Limit? Erek Adams (Mar 17)
- Re: HOME_NET Limit? Matt Kettler (Mar 17)