Snort mailing list archives
Re: [Spam] Re: S5 prunes
From: "Lay, James" <james.lay () wincofoods com>
Date: Fri, 30 Sep 2011 08:29:51 -0600
-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Friday, September 30, 2011 6:56 AM
To: Peter Bates
Cc: snort-users () lists sourceforge net
Subject: [Spam] Re: [Snort-users] S5 prunes
Importance: Low

Looks like you are reaching the max memcap in Stream5. You can increase this value in your snort.conf file.

Joel

While we're at it, what's the difference between segments and bytes?

Sep 29 21:44:19 snort[31322]: S5: Session exceeded configured max segs to queue 2621 using 2621 segs (server queue). 70.196.8.120 1079 --> <ext_ip> 443 (0) : LWstate 0x9 LWFlags 0x6007
Sep 29 22:30:28 snort[31290]: S5: Session exceeded configured max bytes to queue 1048576 using 1048817 bytes (server queue). <int_ip> 1134 --> <int_ip> 445 (0) : LWstate 0x9 LWFlags 0x6007

And do I set that in global under max_tcp or memcap, or under tcp small_segments?

Thanks all.

James
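Added example (not part of the original message and not Snort project code): a small Python parser for the two Stream5 syslog messages quoted above. It separates segment-limit events from byte-limit events and counts them per destination port, so you can see which sessions hit which limit. The function names and the regular expression are assumptions derived only from the two log lines shown.

```python
import re
from collections import Counter

# Sample input: the two log lines quoted in the message above.
SAMPLE = """\
Sep 29 21:44:19 snort[31322]: S5: Session exceeded configured max segs to queue 2621 using 2621 segs (server queue). 70.196.8.120 1079 --> <ext_ip> 443 (0) : LWstate 0x9 LWFlags 0x6007
Sep 29 22:30:28 snort[31290]: S5: Session exceeded configured max bytes to queue 1048576 using 1048817 bytes (server queue). <int_ip> 1134 --> <int_ip> 445 (0) : LWstate 0x9 LWFlags 0x6007
"""

# Pattern inferred from the lines above (an assumption, not taken from Snort source).
# The unit ("segs" or "bytes") must match in both places on the line.
S5_RE = re.compile(
    r"S5: Session exceeded configured max (?P<unit>segs|bytes) to queue "
    r"(?P<limit>\d+) using (?P<used>\d+) (?P=unit) \((?P<queue>\w+) queue\)\. "
    r"(?P<src>\S+) (?P<sport>\d+) --> (?P<dst>\S+) (?P<dport>\d+)"
)


def parse_s5_line(line):
    """Return a dict describing one S5 queue-limit event, or None if no match."""
    m = S5_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    for key in ("limit", "used", "sport", "dport"):
        event[key] = int(event[key])
    # How far past the configured limit the session was when it was logged.
    event["over_by"] = event["used"] - event["limit"]
    return event


def summarize(text):
    """Parse every line and count events per (limit type, destination port)."""
    events = [e for e in map(parse_s5_line, text.splitlines()) if e]
    counts = Counter((e["unit"], e["dport"]) for e in events)
    return events, counts


if __name__ == "__main__":
    events, counts = summarize(SAMPLE)
    for (unit, dport), n in sorted(counts.items()):
        print(f"{n} session(s) hit the max {unit} limit toward port {dport}")
    for e in events:
        print(e["unit"], e["src"], "->", e["dst"], "over by", e["over_by"])
```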
Current thread:
- S5 prunes Peter Bates (Sep 30)
- Re: S5 prunes Joel Esler (Sep 30)
- Re: [Spam] Re: S5 prunes Lay, James (Sep 30)
- Re: S5 prunes Joel Esler (Sep 30)