[Snort-users] 240,000 alerts

John Creegan jcreegan at ...9729...
Mon Sep 15 13:55:08 EDT 2003


Try stopping and restarting the webserver.  If that doesn't work, then
definitely follow Jacob's excellent suggestion, and THEN restart the
webserver again.  One thing I forgot to mention was that after I changed
those variables I rebooted my Solaris box because I'm hardening the
system and wanted to make sure everything still worked after a cold
boot.  That had the effect of stopping and restarting apache.

> On Mon, 2003-09-15 at around 14:15, Bryan Irvine wrote:
>
>I upped the max_script_runtime to 18000, and nope no proxy. 
>
>Still behaves the same way :-/
>
>--Bryan
>
>
>On Mon, 2003-09-15 at 13:12, John Creegan wrote:
>> You've hit a topic near and dear to my heart today.  I *just* had to
do
>> two things:
>>      1. Change the max_script_runtime variable in acid_conf.php.  I
>> used 300 seconds.
>>      2. If your browser is using a proxy server, make sure you
bypass
>> it for local addresses.  Check
>>          with your network admin to make sure there's no problem in
>> doing that.
>> 
>> Good luck.
>>> 
>> On Mon, 2003-09-15 at around 14:00, Bryan Irvine wrote:
>> 
>> >I suppose I should add what the problem is...;-)
>>> >
>> >It times out after deleting only a couple thousand or so. 
>> >This would take me all week to do if I had to do it manually.
>> 
>> >On Mon, 2003-09-15 at 11:46, Bryan Irvine wrote:
>> >> I checked ACID this morning to find that I had 240,000 Web-CGI
>> redirect
>> >> alerts.  ugh...  How can I delete all of these?
>> >> 
>> >> I've tried upping the max_script_runtime per some
>> (dated)documentation I
>> >> found on the web, but it doesn't seem to make any difference.
>> >> 
>> >> Is there another option I need to change? or should I do this
>> directly
>> >> in postgres itself?
>> >> 
>> > --Bryan



This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient,
you should delete this message and are hereby notified that any 
disclosure,copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.





More information about the Snort-users mailing list