Re: 2.6.1 and LOOOONG startup times plusmoreignore_scanners info

["John York" <YorkJ () brcc edu>]

> -----Original Message-----
> From: James Lay [mailto:jlay () slave-tothe-box net] 
> Sent: Friday, November 17, 2006 11:17 AM
> To: 'Snort'
> Subject: Re: [Snort-users] 2.6.1 and LOOOONG startup times 
> plusmoreignore_scanners info
>
> And HOLY SMACKERS!  Ac-bnfa sure made a difference!  Tested 
> with that and
> now snort is using 9% of memory, and init time was less then a minute!
HOLY SMACKERS indeed!  I was having similar problems--thought my snort
had gone into an infinite loop since it took so long to start.  ac-bnfa
made no sense to me, so I RTFM.  No help there, so in desparation I
RTFRL.  There I found this:
    * Smaller memory footprint pattern mattcher using Aho-Corasick,
      using NFA.  Use 'config detection: search-method ac-bnfa' to 
      enable.  This will become the default pattern matcher in future
      releases.  Wu-Manhber has been deprecated (mwm).
Now life is good again (more or less.)
Thanks
John

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users