Snort mailing list archives

Snort performance with perfmonitor

From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 19 Jun 2012 12:53:44 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all...

I've been looking at the output of perfmonitor myself, and also with
'The Pig Doktah', and it has a slight air of confusion about it:

- -= Tha Pig Doktah 0.1 Dev =-
Copyright (C) 2010 JJ Cummings

Report Info:
        Processed: /var/log/snort/snort.stats
        First Entry: Fri Jun 15 14:37:29 2012
        Last Entry: Tue Jun 19 12:46:45 2012
        Time Span: 3 days, 22 hours, 9 minutes and 16 seconds

Wirespeed:
        High: 112.990 Mbits/Sec | Mon Jun 18 15:51:19 2012
        Low: 6.302 Mbits/Sec | Sat Jun 16 03:21:18 2012
        Avg: 61.378 Mbits/Sec

% Packet Loss:
        High: 305.249% | Tue Jun 19 12:41:45 2012
        Low: 12.339% | Sat Jun 16 06:50:42 2012
        Avg: 278.760%

Additional Info:
        Avg Pkt Size: 723.880 bytes
        Avg Syns/Sec: 204.620
        Avg SynAcks/Sec: 137.349
        Avg Alerts/Sec: 0.097
        Avg Current Cached Sessions: 10458.659

I'd say the wirespeed stats are fine, but the packet loss stats seem
to echo what I see (edited output):

Tue Jun 19 12:51:45 2012 75.414 59.807 3074474 9430751

According to the information, 3074474 have been received
but I've dropped 9430751.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP4GhIAAoJELhVoVpEMS6R8QwH/2Ib2LL8strTYCSLW2TKBuwR
nPB6NPw8VMIHFO611t13cpKzuivH/3E/uyjm/Ncl5QSiRzHyvT9rRtxk6NGx7hSO
Ju6rmz0Bje/QC4XfAGU1f+Jvp6fR/u6Zm7FmAkGNVB+0baDD3/x8Yxg7SfN/Jbi2
NftOi0yaygz3dHFLOsWZ/Ym5PuxXOGZDcZqo616IUXOGkuucw0PD4CapTJWu0yM2
UZ3gSJ+CTRWeQK8Z1Y9RM6o++qm5IyKVt5bL/Hp+cLrmiR9+LwIP9gaRBsKlI+74
TblkrkMR7utONc7/uAKS+M88nG5BqJY7Xduoq0ZNW2QgIf61Ss74gbbcoV4kloA=
=T/to
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:

Snort performance with perfmonitor Peter Bates (Jun 19)
- Re: Snort performance with perfmonitor Joel Esler (Jun 19)