No subject


Thu Nov 23 16:36:19 EST 2017


To : snort-users at lists.sourceforge.net
Sent : 20110626024436
Subject : [Snort-users] Snort rules maximum rules per file

Hello,

Is there a limit on the number of rules supported by snort in general? and on per file basis? I have customized a file with 942099 rules and it took about 15 minutes to start snort; but no alerts or actions were fired.

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
942099 Snort rules read
    942099 detection rules
    0 decoder rules
    0 preprocessor rules
942099 Option Chains linked into 1 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|             tcp     udp    icmp      ip
|     src       0       0       0       0
|     dst  942099       0       0       0
|     any       0       0       0       0
|      nc       0       0       0       0
|     s+d       0       0       0       0
+----------------------------------------------------------------------------
-- 
Regards,
Hussein Bahaidara

Sorry for late response as I was out of country.
The file is huge and it is basically derived from the URL list: http://urlblacklist.com/?sec=download

On Jul 2, 2011, at 5:12 AM, 김무성 wrote:

nice.

can you give me your rule file?
It's very interesting.



