Snort mailing list archives

Re: Snort 1.9.1 for windows 2000.

From: Erek Adams <erek () snort org>
Date: Mon, 17 Mar 2003 11:44:42 -0500 (EST)

On Mon, 17 Mar 2003, ANTONIO GUTIERREZ wrote:

i have Snort 1.9.1, running on windows 2000, my Alert.ids file changes
every 45min to 1 hour, after that it udpated file wth 90-100 alerts or
more, is this normal?


Well, that depends on your network.  As an alert is generated, it is
written to the output plugins.  If you're having bursty alerts, you might
want to look at the alert and do some forensics to see what's causing it.
We honestly have no way to know.  :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 1.9.1 for windows 2000. ANTONIO GUTIERREZ (Mar 17)
- Re: Snort 1.9.1 for windows 2000. Erek Adams (Mar 17)