Snort mailing list archives
RE: [Snort-devel] max_queue_events
From: "Marc Norton" <marc.norton () sourcefire com>
Date: Mon, 10 May 2004 09:34:51 -0400
max_queue_event determines how many alerts/events to queue per packet. When packet processing is done, one or more of these is saved. Snort versions prior to 2.1.3 use this parameter and can log only one event per packet. Starting with version 2.1.3 the queue size and the number of events per packet to log can be adjusted. This has nothing to do with dropping traffic, at least not directly.
-----Original Message----- From: snort-devel-admin () lists sourceforge net [mailto:snort-devel- admin () lists sourceforge net] On Behalf Of Thomas Bechtold Sent: Friday, May 07, 2004 3:08 PM To: snort-users () lists sourceforge net;
snort-devel () lists sourceforge net
Subject: [Snort-devel] max_queue_events Hi, Could anybody explain me the exact function from max_queue_events? I watched the sourcecode, but i'm not sure which need this parameter
has.
I'm not good in programming;) Can i tell snort, how big the queue for pakets(which will be checked)
is?
The default is 5, so if i increase this value, Snort would be slower but
don't
have packet loss? Right or not? Cheers Thomas used max_queue_event with: [snip snort.conf] config detection: max_queue_events 10 [snap] ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- max_queue_events Thomas Bechtold (May 07)
- RE: [Snort-devel] max_queue_events Marc Norton (May 10)
- <Possible follow-ups>
- max_queue_events Thomas Bechtold (May 10)