[Snort-users] Fw: Snort No. of Alerts= Packets ??

Joel Esler (jesler) jesler at ...589...
Mon Feb 13 08:08:32 EST 2017


Very possible.  Thresholding and reassembled stream alerts are two examples.


On Feb 13, 2017, at 6:12 AM, Asad, Hafiz ul <Hafiz-ul.Asad at ...17478...> wrote:



The screenshot is attached here.

________________________________
From: Asad, Hafiz ul
Sent: Monday, February 13, 2017 11:06 AM
To: snort-users at lists.sourceforge.net
Subject: Snort No. of Alerts= Packets ??




Snort Users,

Is it possible that Snort generates alerts that are fewer in number than the packets that generate these alerts? Attached is the Barnyard2 summary, where the alerts are far fewer than the packets it saved in the MySQL database.

Regards
Asad

<Barnyard2.jpg>