Snort mailing list archives
Bug Report
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 8 Apr 2003 07:25:51 -0600
I have a question about the rc.firewall script. Either I have stumbled across an isolated anomaly or perhaps this pattern of behavior does exist universally.

When passing traffic via IPTABLES to the QUEUE, after a short period of time on a rather high traffic system, the ip_queue queue fills up and then the error logs start showing up in magnitude. I have bumped this value way up in the ip_queue_maxlen file but once the QUEUE hits that value, I have "x" number of alerts to contend with. For example, if I bump the value up to 9092, once the ip_queue gets to that value, I will have 9092 error messages from /var/log/messages that show up on STDOUT.

If the occurrence of this type of event is authentic, has anyone there discovered a way to clear out this ip_queue so that it does not max out and stay maxed?

Thanks for any suggestions or help with this matter.

Tim Slighter