[Snort-users] Using afpacket in IDS mode - HELP PLEASE
b.arenal at ...11827...
Mon Jun 4 13:17:36 EDT 2012
I just wanted to ask this question again. Is there any reason not to
use afpacket when running in passive mode rather than standard
On Mon, May 28, 2012 at 9:04 AM, Bryan Arenal <b.arenal at ...11827...> wrote:
> I was reviewing my sensor configurations and was wondering about the
> use of afpacket in IDS mode. Is there any reason not to use it when
> monitoring passively as opposed to libpcap?
> I'm testing it in this configuration and am seeing this in my logs.
> My daq_var buffer_size_mb=2048:
> S5: Session exceeded configured max bytes to queue 1048576 using
> 1049220 bytes (client queue)
> Is this also happening in pcap mode but the logging isn't as verbose?
> Thank you