[Snort-users] snort just stop when more 32000 alerts (different IPs) are generated
twigles at ...131...
Fri Dec 12 17:03:03 EST 2003
--- "maguiler at ...10756..." <maguiler at ...10756...> wrote:
> The network I’m monitoring is quite big (actually
> Every time
> works fine, until more than 32000 alerts (different
> When this happens, snort just stops, probably because of an
> operating system
> This happens, in my networks, about every 20-30 minutes,
You generate 32,000 alerts in 20-30 minutes? Eegads. I would
tune the ruleset first, but if the number of directories is an
issue then don't log there (use -N in the command to start
snort). Just do the Barnyard/database thing, or syslog or whatever.