[Snort-devel] Slow exit in snort 2.1.x. Bug?

Martin Olsson elof at ...969...
Tue Jan 20 07:28:01 EST 2004


When I run snort 2.0.x in selftest mode, it is fast. The output is written
to the screen without any noticable interruption.

When I run snort 2.1.x in selftest mode I always get a delay for approx 10
seconds before the test exits.


Here is the end of the output:
-----------------------------------------------------------------
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = foo_flash
database: password is set
database: database name = foo_flash_01
database:          host = 10.20.30.10
database:   sensor name = flash_10.0.0.0_24
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
1487 Snort rules read...
1487 Option Chains linked into 164 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-----------------------[thresholding-config]----------------------------------
| memory-cap : 2097152 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| gen-id=1      sig-id=499       type=Both       tracking=dst count=10
seconds=60
+-----------------------[suppression]------------------------------------------
-------------------------------------------------------------------------------
Rule application order: ->pass->activation->dynamic->alert->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.1.1-RC1 (Build 16)
By Martin Roesch (roesch at ...402..., www.snort.org)
   <<<  10 second delay  >>>
Snort sucessfully loaded all rules and checked all rule chains!
database: Closing connection to database ""
Snort exiting
Done. Cleaning up.
-----------------------------------------------------------------

The delay occurr after the line "By Martin Roesch" was printed.

I notice that the database name is "" when closing the db connection.
(above the database name was set to "foo_flash_01")

Snort v2.0.x display the name correctly when its selftest closes the db
connection.

Maybe this is part of the problem?



Snort 2.1.x is otherwise working properly. It's the delay that wasn't
there before that feels as if something is wrong.

/Martin





More information about the Snort-devel mailing list