Snort mailing list archives

Re: disable Verifying Preprocessor Configurations


From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 7 Jul 2011 18:05:27 -0400

On Thu, Jul 7, 2011 at 5:57 PM, Hussein Bahaidarah <husseinb () gmail com> wrote:

Hello,

50K might be a lot. However, none of them need a preprocessor. My concern
is why preprocessing verification is still taking place?


It is verifying an empty list of preprocessors.  Happens very quickly.  :)
That line is always output.

The next step has to do with fast pattern setup and that is what is taking
some time.


On Jul 7, 2011, at 11:46 PM, Joel Esler wrote:

You are loading 50 thousand rules, and you are wondering why Snort is
taking a long time to start up?


On Jul 7, 2011, at 5:25 PM, Hussein Bahaidarah wrote:

Hi,

Yes, all lines are commented out. By the way, I am using beta version
2.9.1. Snort initialization shows that no preprocessor rules are used.

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
50001 Snort rules read
  50001 detection rules
  0 decoder rules
  0 preprocessor rules
50001 Option Chains linked into 1 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

On Jul 7, 2011, at 9:46 PM, waldo kitty wrote:

On 7/7/2011 15:26, Hussein Bahaidarah wrote:
Hello,

I am not using any preprocessor.

really? no preprocessors at all?? each and every one of them are
commented out in your snort.conf?

However, still snort does the "Verifying Preprocessor Configurations"
step at the loading stage. Is there any way to turn this off, as it takes
a long time as the rule file grows?

"
Rule application order:
activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
"

Thanks


------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously
valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation


