| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: Event Queue Configuration Examples Up: Snort Multi-Event Logging (Event Previous: Snort Multi-Event Logging (Event Contents
Event Queue Configuration Options
There are three configuration options to the configuration parameter 'event_queue'.
- 94.
- max_queue
This determines the maximum size of the event queue. For example, if the event queue has a max size of 8, only 8 events will be stored for a single packet or stream.
The default value is 8.
- 95.
- log
This determines the number of events to log for a given packet or stream. You can't log more than the max_event number that was specified.
The default value is 3.
- 96.
- order_events
This argument determines the way that the incoming events are ordered. We currently have two different methods:
- priority - The highest priority (1 being the highest) events are ordered
first.
- content_length - Rules are ordered before decode or preprocessor alerts, and rules that have a longer content are ordered before rules with shorter contents.
The method in which events are ordered does not affect rule types such as pass, alert, log, etc.
The default value is content_length.
- priority - The highest priority (1 being the highest) events are ordered
first.
Next: Event Queue Configuration Examples Up: Snort Multi-Event Logging (Event Previous: Snort Multi-Event Logging (Event Contents Steven Sturges 2007-05-11
| Terms of Use | Privacy Policy | forum archives | site feedback ©2009 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |