[Snort-users] data from multiple sessions in one alert/packet
jhart at ...8039...
Thu May 18 15:12:08 EDT 2006
On Thu, May 18, 2006 at 02:07:08PM -0400, Joel Esler wrote:
> What type of output module are you using?
I'm using the database output plugin. I know that can be a problem
under high load, right? Is that high alert load or just high pps load
in general? My signatures are fairly tight so we get maybe 10-20
hits/hour, though occassionally we'll get a peak when someone scans us
I had been using barnyard, but dumped it while attempting to debug
another problem. If barnyard will help here, I'll do that again.
More information about the Snort-users