[Snort-users] Thanks, and a quick question (Was: snort-1.8.7 and alert file)

bthaler at ...2720... bthaler at ...2720...
Wed Jul 31 13:00:03 EDT 2002


Thanks to all who helped with my packet loss problem.  After some lowly groveling and a healthy dose of brown-nosing/begging, I
procured some much improved hardware to run my Snort sensor.  I've got packet loss down to about 1% with 1000+ rules.  Considering
packet loss was around 30-40% yesterday, this is not too shabby, if you ask me.

I do have one question, though.  I was looking at Snort's stats, and noticed this:
Action Stats:
ALERTS: 2305
LOGGED: 105

My output plug-in is using the "log" facility.  I was under the impression that the "alert" facility only alerts, but "log" both
alerts and logs.  Do the stats above mean that 2305 alerts were generated, but only 105 were logged?  This is what I'm assuming.
This doesn't sound good to me.  Can anyone shed any light on this?





Regards,

Brad T.






More information about the Snort-users mailing list