Snort mailing list archives
Re: Help interpreting snort statistics
From: Joel Esler <joel.esler () me com>
Date: Wed, 24 Mar 2010 21:05:06 -0400
Daniel, I'd be glad to help you out with this, however, this is a snapshot in time. I'd do better if your turned on the perfstats preprocessor (search the snort.conf for perfstats). That would provide me more detailed information. Joel On Mar 24, 2010, at 7:36 PM, Galley, Daniel wrote:
Attached is a log of our snort stats at the end of a 24-hour period. Anyone willing to take a look and point out any glaring problems? Also, does anyone have a link to a guide to help me understand what all of this means? We are running snort 2.8.5.3 on FreeBSD 8.0 (64-bit). The box is a Dell Optiplex with a Core 2 Duo E8600 (3.33 GHz) with 4 GB of memory. The sniffing interface is the built-on Intel Pro/1000. The sensor is sitting outside of our firewall and our outgoing traffic peaks at about 20 Mbps. Thanks a lot! Daniel S. Galley Desktop Support Analyst UCLA School of Dentistry <Mar24Perf.txt>------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Joel Esler http://blog.joelesler.net
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help interpreting snort statistics Galley, Daniel (Mar 24)
- Re: Help interpreting snort statistics Joel Esler (Mar 24)
- Message not available
- Re: Help interpreting snort statistics Joel Esler (Mar 25)
- Message not available
- Re: Help interpreting snort statistics Joel Esler (Mar 24)