[Snort-users] Snort 2.9, RHEL 5 and afpacket DAQ

[Jeff Kell]

For Rich, Mike, and others (I may have mentioned this before, but just 
in case...)

I had rebuilt snort 2.8.6 with libpcap 1.1.1 and  had some worse 
performance than before, but then there was a discussion on one of the 
snort lists regarding sids 4676 and 4677 in the oracle-rules being a 
pcre "hog".

Disabling those two sids dropped my average CPU over half...

Jeff