Snort mailing list archives

Thanks, and a quick question (Was: snort-1.8.7 and alert file)


From: <bthaler () webstream net>
Date: Wed, 31 Jul 2002 15:59:00 -0400

Thanks to all who helped with my packet loss problem.  After some lowly groveling and a healthy dose of brown-nosing/begging, I procured some much improved hardware to run my Snort sensor.  I've got packet loss down to about 1% with 1000+ rules.  Considering packet loss was around 30-40% yesterday, this is not too shabby, if you ask me.

I do have one question, though.  I was looking at Snort's stats, and noticed this:
Action Stats:
ALERTS: 2305
LOGGED: 105

My output plug-in is using the "log" facility.  I was under the impression that the "alert" facility only alerts, but "log" both alerts and logs.  Do the stats above mean that 2305 alerts were generated, but only 105 were logged?  This is what I'm assuming.  This doesn't sound good to me.  Can anyone shed any light on this?





Regards,

Brad T.



