Snort mailing list archives

Snort Alert max_queue_events Parameter

From: İzzettin Erdem via Snort-devel <snort-devel () lists snort org>
Date: Wed, 13 Jun 2018 08:18:13 +0300

Hello,

I changed max_queue_events and log parameter in snort.conf and I expected
all the alerts appear but just 100 alerts appear. I have 1000 rules and all
rules are the same. So if one packet consist one of this rules Snort must
alerts 1000 times. How can I solve this problem ?

Snort.conf

config event_queue: max_queue 1000 log 1000 order_events content_length
config detection: max_queue_events 1000

Thanks

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Snort Alert max_queue_events Parameter İzzettin Erdem via Snort-devel (Jun 12)