[Snort-users] Bug Report
tslighter at ...5174...
Tue Apr 8 06:30:02 EDT 2003
I have a question about the rc.firewall script.
Either I have stumbled across an isolated anomaly or perhaps this pattern of
behavior does exist universally.
When passing traffic via IPTABLES to the QUEUE, after a short period of time
on a rather high traffic system, the ip_queue queue fills up and then the
error logs start showing up in magnitude. I have bumped this value way up
in the ip_queue_maxlen file but once the QUEUE hits that value, I have "x"
number of alerts to contend with. For example, if I bump the value up to
9092, once the ip_queue gets to that value, I will have 9092 error messages
from /var/log/messages that show up on STDOUT. If the occurrence of this
type of event is authentic, has anyone there discovered a way to clear out
this ip_queue so that it does not max out and stay maxed?
Thanks for any suggestions or help with this matter.