Snort mailing list archives

RE: [Snort-devel] max_queue_events


From: "Marc Norton" <marc.norton () sourcefire com>
Date: Mon, 10 May 2004 09:34:51 -0400


max_queue_event determines how many alerts/events to queue per packet.
When packet processing is done, one or more of these is saved.  Snort
versions prior to 2.1.3 use this parameter and can log only one event
per packet.  Starting with version 2.1.3 the queue size and the number
of events per packet to log can be adjusted.   This has nothing to do
with dropping traffic, at least not directly.

-----Original Message-----
From: snort-devel-admin () lists sourceforge net [mailto:snort-devel-admin () lists sourceforge net] On Behalf Of Thomas Bechtold
Sent: Friday, May 07, 2004 3:08 PM
To: snort-users () lists sourceforge net; snort-devel () lists sourceforge net
Subject: [Snort-devel] max_queue_events

Hi,
Could anybody explain to me the exact function of max_queue_events?
I looked at the source code, but I'm not sure what this parameter is
needed for. I'm not good at programming ;)

Can I tell Snort how big the queue for packets (which will be checked)
is? The default is 5, so if I increase this value, Snort would be slower
but wouldn't have packet loss? Right or not?

Cheers Thomas



used max_queue_event with:

[snip snort.conf]
config detection: max_queue_events 10
[snap]


-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel



