Snort Blocked tab takes an incredibly long time to load.

  • That is, if the tab ever load up at all.  It seems that whatever is parsing to match blocked IP's with the reason code takes a very, VERY long time to run.  This is on a relatively fast box too.  1Ghz CPU, 1GB RAM.

    Perhaps doing the matching in the background as a cron-per-minute and adding the entries into a db would eliminate this slowdown?  As of right now this is a very big problem.  I can always shell in and do a pfctl -t snort2c -T show to identify if an IP is blocked and then run the delete command, but there's no way for me to identify WHY it happened to disable the rule that caused it.  ie, in this case pptp is causing it.

  • Deinstall and reinstall Snort.  This bug was fixed.

Log in to reply