[Snort-users] Fw: Snort No. of Alerts= Packets ??

Joel Esler (jesler) jesler at ...589...
Mon Feb 13 08:08:32 EST 2017

Very possible.  Thresholding and reassembled stream alerts are two examples.

On Feb 13, 2017, at 6:12 AM, Asad, Hafiz ul <Hafiz-ul.Asad at ...17478...> wrote:

The screenshot is attached here.

From: Asad, Hafiz ul
Sent: Monday, February 13, 2017 11:06 AM
To: snort-users at lists.sourceforge.net
Subject: Snort No. of Alerts= Packets ??

Snort Users,

Is it possible that Snort generates alerts that are fewer in number than the number of packets that generate these alerts? Attached is the Barnyard2 summary, where the alerts are far fewer than the packets it saved in the MySQL database.
