Snort mailing list archives
Issues in changing max_queue_events value
From: Navdeep Uniyal <Navdeep.Uniyal () neclab eu>
Date: Tue, 30 May 2017 15:42:46 +0000
Dear Users,

I have been trying to experiment with 200 alerts for Snort. But the issue is that while I am increasing the max_queue_events value to 300, it is defaulting to 100. As per the Snort output:

    Action Stats:
         Alerts: 100 (9998.500%)
         Logged: 100 (9998.500%)
         Passed: 0 ( 0.000%)
    Limits:
          Match: 100
          Queue: 0
            Log: 0
          Event: 0
          Alert: 0

This means that it is alerting for 100 rules, whereas the other 100 rules are matching but are ignored. As per the Snort manual, max_queue_events handles this factor, which I am already changing.

Please help me in this regard if you could. PFA the snort file.

Best Regards,
Navdeep
Current thread:
- Issues in changing max_queue_events value Navdeep Uniyal (May 30)
- Re: Issues in changing max_queue_events value Russ (Jun 01)