[Oisf-devel] Extremely long startup times on latest git

Martin Holste mcholste at gmail.com
Sun Sep 18 18:06:02 UTC 2011


I'm seeing load times of greater than a half hour with a standard
setup, using default config values:

[25718] 18/9/2011 -- 11:25:53 - (detect.c:2440) <Info>
(SigAddressPrepareStage1) -- 9301 signatures processed. 2013 are
IP-only rules, 2796 are inspecting packet payload, 2739 inspect
application layer, 0 are decoder/engine/stream event only
[25718] 18/9/2011 -- 11:25:53 - (detect.c:2443) <Info>
(SigAddressPrepareStage1) -- building signature grouping structure,
stage 1: adding signatures to signature source addresses... complete
[25718] 18/9/2011 -- 11:31:53 - (detect.c:3085) <Info>
(SigAddressPrepareStage2) -- building signature grouping structure,
stage 2: building source address list... complete
[25718] 18/9/2011 -- 11:59:07 - (detect.c:3642) <Info>
(SigAddressPrepareStage3) -- MPM memory 330428951 (dynamic 330428951,
ctxs 0, avg per ctx 0)
[25718] 18/9/2011 -- 11:59:07 - (detect.c:3644) <Info>
(SigAddressPrepareStage3) -- max sig id 9301, array size 1163
[25718] 18/9/2011 -- 11:59:07 - (detect.c:3655) <Info>
(SigAddressPrepareStage3) -- building signature grouping structure,
stage 3: building destination address lists... complete

I think 6 minutes is a pretty long time to compile signatures (stage
1), but I've seen that before.  Why does it take 28 minutes to build a
source address list?  I'm using the standard ET ruleset.


