Home page logo
/

snort logo Snort mailing list archives

Re: snort prune open sessions
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 21 Dec 2010 11:13:19 -0500

Looks like you have stream5 set to automatically prune open sessions if they are stagnant after 240 seconds.

Joel

On Dec 21, 2010, at 10:42 AM, Lawrence R. Hughes, Sr. wrote:

Hi,
 
Is there way to prune open sessions?
Here is our stream5 config:
 
preprocessor stream5_global: memcap 268435456, max_tcp 768000, track_tcp yes, max_udp 262144, track_udp yes, 
track_icmp no, flush_on_alert, prune_log_max 0

preprocessor stream5_tcp: policy first, use_static_footprint_sizes, max_queued_bytes 0, max_queued_segs 0, \

overlap_limit 4, timeout 240, \

dont_store_large_packets, \

ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \

161 445 513 514 587 593 691 1433 1521 2100 3306 6665 6666 6667 6668 6669 \

7000 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \

ports both 80 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 2301 2381 2809 3128 3702 6907 7702 7777 
7779 \

7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \

7917 7918 7919 7920 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371

preprocessor stream5_udp: timeout 180

Thanks,

Larry

 
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months.  Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your 
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault