Last time in Frostbite Falls, our intrepid heroes were faced with a big question:

why does sa-compile take 5 mins on some boxes and 45 mins on others? same cpu, same os, same ram, same load.

I think we all came to the conclusion that sa rules (700 of them) by themselves might take 5/10 mins to compile

Adding in sars (3000 rules), might add in 2 mins.

adding in sought rules (2500 lines) takes that 5 to 10 min compile and makes it take 45 mins. (so, if you are updating sought rules every 4 hours, 25% of that time is taken up downloading and compiling rules)

anyone else see the same thing?

anyone else see something totally different?

anyone know why? and how to mitigate it?

one more thing.. I think it got worse when we went from re2c 0.12.* to 0.13.x

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008
