Snort mailing list archives
Re: pmgraph.pl
From: Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>
Date: Thu, 12 Nov 2009 06:26:43 +0100
Jefferson, Shawn wrote: As a comment to pmgraph.pl, I have earlyer made some basic plugins for Munin that graphs different stuff that I use/need to tune snort. http://www.gamelinux.org/?p=32 http://download.gamelinux.org/snort/Snort-Munin-Plugins.png In the light of new stable version of Munin soon to come this year (current is 1.4.0-alpha), I will probably spend some time and rewrite the plugin in perl, and merge all into one plugin. Munin also uses Tobi Oetiker's rrdtool btw. But at the moment, munin is a must for me on all sensors. http://download.gamelinux.org/snort/ ./Edward
Well, in the recent Sourcefire webinar on tuning the snort sensors it came up. From the whitepaper at http://www.snort.org/assets/126/WhitePaper_Snort_PerformanceTuning_2009.pdf "The next statistic is pattern match percentage. This is the number of bytes that Snort is passing through the pattern matcher to identify possible rules, compared to the total number of bytes seen by Snort. This number could be higher than 100%, in the case of IP defragmentation, TCP reassembly, DCE/RPC reassembly, etc. Ideally this would be in the 10% range."
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Jason Wallace (Nov 10)
- Re: pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Jason Wallace (Nov 10)
- Re: pmgraph.pl Edward Bjarte Fjellskål (Nov 11)
- Re: pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Joel Esler (Nov 10)
- Re: pmgraph.pl JJ Cummings (Nov 10)
- Re: pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Joel Esler (Nov 10)
- Re: pmgraph.pl Jason Wallace (Nov 10)