From: Brian J. <te...@ja...> - 2004-10-07 14:20:55
I have recently got around to upgrading my Snort_Inline from 2.0.6a to 2.2.0. I have made minimal changes to the default .conf file supplied with inline-2.2.0, only changing the HOME_NET and 'config checksum_mode: all log' (I have tacked on the log bit, hope it's right).

The functionality is great, lots to learn! But it is very slow. Top reports minimal CPU load and loads of spare memory.

As part of this upgrade I moved snort_inline to a more powerful box. So to check that the problem was snort_inline-2.2.0 and not the rest of the system, I rebuilt a 2.0.6a version and tried that. It required commenting out the http_inspect preprocessor lines in the .conf file, but other than that no changes. The 2.0.6a version runs much much much faster.

Can someone tell me how to find what in 2.2.0 is causing the chronic slowdown? Or suggestions on what to disable to try and get some zip back into the system.

I have been running snort-2.2.0 proper as an IDS for some time and this reports no noticeable increase in dropped packets.

All suggestions and help much appreciated.

regards,
Brian