[Snort-users] Issues in changing max_queue_events value
Navdeep.Uniyal at ...17876...
Tue May 30 11:42:46 EDT 2017
I have been trying to experiment with 200 alerts for Snort. But the issue is that when I increase the max_queue_events value to 300, it defaults to 100.
As per snort output....
Alerts: 100 (9998.500%)
Logged: 100 (9998.500%)
Passed: 0 ( 0.000%)
Which means that it is alerting for 100 rules, whereas the other 100 rules are matching but are ignored. As per the Snort manual, max_queue_events handles this factor, which I am already changing. Please help me in this regard if you could.
PFA the snort file.