[Snort-users] Aurora Exploit Attempt Alert One Hour Delay

[waldo kitty]

On 1/23/2014 11:28 AM, LaTonya Hall wrote:
> There is about a one hour delay from exploit attempt to snort alert…any ideas?

no ideas at all... not without more information...

1. what rule(s) are you speaking of?
2. do you have any pcaps of the traffic?
3. are you using something to post the alert data to a database?
4. are you speaking of the delay in the alert showing up in the database?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.