[Snort-devel] Snort Alert max_queue_events Parameter

İzzettin Erdem root.mch at gmail.com
Wed Jun 13 01:18:13 EDT 2018


I changed the max_queue_events and log parameters in snort.conf and I expected
all the alerts to appear, but just 100 alerts appear. I have 1000 rules and all
the rules are the same. So if one packet matches one of these rules, Snort must
alert 1000 times. How can I solve this problem?


config event_queue: max_queue 1000 log 1000 order_events content_length
config detection: max_queue_events 1000
