Event Queue Configuration Options

Next: Event Queue Configuration Examples Up: Event Logging Previous: Event Logging Contents

Event Queue Configuration Options

There are three configuration options to the configuration parameter 'event_queue'.

123.

max_queue

This determines the maximum size of the event queue. For example, if the event queue has a max size of 8, only 8 events will be stored for a single packet or stream.

The default value is 8.

124.

log

This determines the number of events to log for a given packet or stream. You can't log more than the max_event number that was specified.

The default value is 3.

125.

order_events

This argument determines the way that the incoming events are ordered. We currently have two different methods:

priority - The highest priority (1 being the highest) events are ordered first.
content_length - Rules are ordered before decode or preprocessor alerts, and rules that have a longer content are ordered before rules with shorter contents.

The method in which events are ordered does not affect rule types such as pass, alert, log, etc.

The default value is content_length.

Next: Event Queue Configuration Examples Up: Event Logging Previous: Event Logging Contents

Eugene Misnik 2013-05-08