Snort mailing list archives
Re: snort 2.9.3 - PreProcessor Profile stats for PCRE
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 28 Jun 2012 14:18:28 -0400
On Thu, Jun 28, 2012 at 6:52 AM, jbox2705 <jbox2705 () gmail com> wrote:
> Hi All,
>
> Running Snort 2.9.3 on FreeBSD 9.0. Looking at Snort's perf. data shows 80% packet drop and no data processing at irregular intervals. Turned on PreProcessor Profile stats that show the PCRE "Checks" and "Exits" differ (99% did not "exit"). The snort.conf file has no "pcre_match_limit" or "pcre_match_limit_recursion" configured. The server is not stressed out and has enough free memory. Did anyone come across a similar problem? Any suggestions?
>
> Thanks,
> Jbox

Suggest turning on rule profiling and looking for any heavy hitters that have pcre /O, which overrides the default pcre_match_limit* settings.
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
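Added example, not part of the original thread and not Snort's own code: a small rule-file audit that lists enabled rules whose pcre option carries the O modifier mentioned in the reply above, so they can be cross-checked against rule profiling output. The function name and sample rules are constructed for illustration, and only the common slash-delimited pcre form is assumed.

```python
import re

# pcre:"/regex/flags"; an optional ! negates the match. Only the common
# slash-delimited form is handled here (assumption of this example).
PCRE_OPT = re.compile(r'pcre\s*:\s*!?\s*"((?:[^"\\]|\\.)*)"')
SID_OPT = re.compile(r'\bsid\s*:\s*(\d+)')

def find_match_limit_overrides(rules_text):
    """Return (sid, pcre) pairs for enabled rules whose pcre uses the O flag."""
    hits = []
    # Join backslash-continued lines so each rule is one logical line.
    for line in rules_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # blank line or disabled rule
            continue
        sid_m = SID_OPT.search(line)
        sid = int(sid_m.group(1)) if sid_m else None
        for m in PCRE_OPT.finditer(line):
            body = m.group(1)
            flags = body.rpartition("/")[2]     # text after the closing slash
            # Test the flags only: an "O" inside the regex itself is not a hit.
            if body.startswith("/") and "O" in flags:
                hits.append((sid, body))
    return hits

# Constructed sample rules (not taken from any real rule set).
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"constructed A"; content:"GET"; pcre:"/^GET\s+\/a(b|c)+d/iO"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed B"; pcre:"/Order=\d+/i"; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed C, disabled"; pcre:"/x+/O"; sid:1000003; rev:1;)
alert tcp any any -> any 25 (msg:"constructed D"; \
    pcre:!"/^HELO\x3b/smO"; sid:1000004; rev:1;)
'''

if __name__ == "__main__":
    for sid, pcre in find_match_limit_overrides(SAMPLE_RULES):
        print(f"sid {sid}: pcre {pcre} overrides pcre_match_limit*")
```

Rules flagged here that also rank high in the rule profiling output are the first candidates to review or disable.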