[Snort-users] Issues in changing max_queue_events value

Navdeep Uniyal Navdeep.Uniyal at ...17876...
Tue May 30 11:42:46 EDT 2017


Dear Users,

I have been trying to experiment with 200 alerts for Snort. The issue is that when I increase the max_queue_events value to 300, it defaults to 100.

As per the Snort output:

Action Stats:
     Alerts:          100 (9998.500%)
     Logged:          100 (9998.500%)
     Passed:            0 (  0.000%)
Limits:
      Match:          100
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0


This means that it is alerting for 100 rules, whereas the other 100 rules are matching but are ignored. As per the Snort manual, max_queue_events handles this factor, which I am already changing. Please help me in this regard if you can.

PFA the snort file.



Best Regards,
Navdeep



