Re: snort just stop when more 32000 alerts (different IPs) aregenerated

[twig les <twigles () yahoo com>]

--- "maguiler () cantv net" <maguiler () cantv net> wrote:
> Hi
>
> The network I&#8217;m monitoring is quite big (actually
it&#8217;s huge).
> Every time
> works fine, until more than 32000 alerts (different
IP&#8217;s)
> aregenerated.
> When this happens, snort just stop probably because of an
> operating system
> restriction. 
>
> This happens, in my networks, about every 20-30 minutes, 

You generate 32,000 alerts in 20-30 minutes?  Eegads.  I would
tune the ruleset first, but if the number of directories is an
issue then don't log there (use -N in the command to start
snort).  Just do the Barnyard/database thing, or syslog or whatever.

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users