[Snort-users] Snort rules maximum rules per file

Hussein Bahaidarah husseinb at ...11827...
Sun Jun 26 13:04:58 EDT 2011


Hello,

I have found after extensive testing that only 131008 rules only fires alert and action. Any rule after that will not take any action.

On Jun 25, 2011, at 8:39 PM, Hussein Bahaidarah wrote:

Hello,

Is there a limit on the number of rules support by snort in general? and on per file basis? I have customized a file with 942099 rules and it took about 15 minutes to start snort; but no alerts or actions wer fired.

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
942099 Snort rules read
    942099 detection rules
    0 decoder rules
    0 preprocessor rules
942099 Option Chains linked into 1 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|             tcp     udp    icmp      ip
|     src       0       0       0       0
|     dst  942099       0       0       0
|     any       0       0       0       0
|      nc       0       0       0       0
|     s+d       0       0       0       0
+----------------------------------------------------------------------------
-- 
Regards,
Hussein Bahaidara

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110626/9d7163c3/attachment.html>


More information about the Snort-users mailing list