[Snort-users] snort just stop when more 32000 alerts (different IPs) are generated

twig les twigles at ...131...
Fri Dec 12 17:03:03 EST 2003


--- "maguiler at ...10756..." <maguiler at ...10756...> wrote:
> Hi
> 
> The network I’m monitoring is quite big (actually it’s huge).
> Every time works fine, until more than 32000 alerts (different IP’s)
> are generated.
> When this happens, snort just stops, probably because of an
> operating system restriction.
> 
> This happens, in my networks, about every 20-30 minutes, 

You generate 32,000 alerts in 20-30 minutes?  Eegads.  I would
tune the ruleset first, but if the number of directories is an
issue then don't log there (use -N in the command to start
snort).  Just do the Barnyard/database thing, or syslog or whatever.

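A headroom check for the situation discussed in this thread, added here as an example and not part of either poster's message: it counts the per-IP subdirectories under a Snort log directory and compares the count with a directory limit. The 31998 default assumes an ext2/ext3 filesystem (32000 links per inode); the function names, `MAX_SUBDIRS` and `WARN_PCT` are hypothetical.

```shell
#!/bin/sh
# Added example: headroom check for a Snort log directory that holds one
# subdirectory per logged IP address (the situation described in the thread).

# Assumption: ext2/ext3 allow 32000 hard links per inode, so one directory
# can hold at most 31998 subdirectories ("." and the parent's entry use two).
MAX_SUBDIRS=${MAX_SUBDIRS:-31998}
WARN_PCT=${WARN_PCT:-80}

# count_subdirs DIR -> prints the number of immediate subdirectories of DIR.
# Plain files such as the "alert" file are not counted.
count_subdirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d | wc -l | tr -d ' '
}

# logdir_status DIR -> prints "STATE COUNT LIMIT", STATE is ok, warn or full.
#   full: the limit is reached, creating one more per-IP directory will fail
#   warn: COUNT is at or above WARN_PCT percent of the limit
logdir_status() {
    if [ ! -d "$1" ]; then
        echo "error: $1 is not a directory" >&2
        return 1
    fi
    count=$(count_subdirs "$1")
    if [ "$count" -ge "$MAX_SUBDIRS" ]; then
        echo "full $count $MAX_SUBDIRS"
    elif [ $((count * 100)) -ge $((MAX_SUBDIRS * WARN_PCT)) ]; then
        echo "warn $count $MAX_SUBDIRS"
    else
        echo "ok $count $MAX_SUBDIRS"
    fi
}

# Stand-alone use: pass the log directory as the first argument.
if [ $# -gt 0 ]; then
    logdir_status "$1"
fi
```

Run from cron against the sensor's log directory, a `warn` result gives time to tune the ruleset or move to `-N` with database or syslog output before the sensor stops.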



