Snort mailing list archives

Slow snort Initialization.


From: Ralph Crongeyer <ralph () crongeyer com>
Date: Thu, 10 May 2007 12:43:28 -0400

Hi list,
I'm new to snort and the list.

We (my company) are in the process of updating our snort version from 2.4 
to 2.6.1.4 and I am having this problem (if it is a problem).

Background:
Debian "Etch"

libpcap (most current version) from http://public.lanl.gov/cpw/ (Phil 
Wood's libpcap) compiled from source.

snort 2.6.1.4 compiled from source with libpcap compiled in (static). 
Configured like this:
LDFLAGS=-static ./configure --enable-pthread --disable-dynamicplugin \
    --with-libpcap-includes=/opt/libpcap-0.9x.20070323 \
    --with-libpcap-libraries=/opt/libpcap-0.9x.20070323

Problem:
It takes up to 6 min to initialize. 6 min to go from this:

############################################
Initializing Network Interface eth2
OpenPcap() device eth2 network lookup:
        eth2: no IPv4 address assigned
Decoding Ethernet on interface eth2
############################################

to being ready to snort:

############################################
        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.6.1.4 (Build 54)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.

Using PCAP_FRAMES = 32768
############################################

We have a lot of rules... however our previous version (2.4) processes 
everything and is initialized in seconds?

Can anyone help me speed this up?

Thanks
Ralph



