Snort mailing list archives
Snort performance with perfmonitor
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 19 Jun 2012 12:53:44 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all... I've been looking at the output of perfmonitor myself, and also with 'The Pig Doktah', and it has a slight air of confusion about it: - -= Tha Pig Doktah 0.1 Dev =- Copyright (C) 2010 JJ Cummings Report Info: Processed: /var/log/snort/snort.stats First Entry: Fri Jun 15 14:37:29 2012 Last Entry: Tue Jun 19 12:46:45 2012 Time Span: 3 days, 22 hours, 9 minutes and 16 seconds Wirespeed: High: 112.990 Mbits/Sec | Mon Jun 18 15:51:19 2012 Low: 6.302 Mbits/Sec | Sat Jun 16 03:21:18 2012 Avg: 61.378 Mbits/Sec % Packet Loss: High: 305.249% | Tue Jun 19 12:41:45 2012 Low: 12.339% | Sat Jun 16 06:50:42 2012 Avg: 278.760% Additional Info: Avg Pkt Size: 723.880 bytes Avg Syns/Sec: 204.620 Avg SynAcks/Sec: 137.349 Avg Alerts/Sec: 0.097 Avg Current Cached Sessions: 10458.659 I'd say the wirespeed stats are fine, but the packet loss stats seem to echo what I see (edited output): Tue Jun 19 12:51:45 2012 75.414 59.807 3074474 9430751 According to the information, 3074474 have been received but I've dropped 9430751. - -- Peter Bates Senior Computer Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP4GhIAAoJELhVoVpEMS6R8QwH/2Ib2LL8strTYCSLW2TKBuwR nPB6NPw8VMIHFO611t13cpKzuivH/3E/uyjm/Ncl5QSiRzHyvT9rRtxk6NGx7hSO Ju6rmz0Bje/QC4XfAGU1f+Jvp6fR/u6Zm7FmAkGNVB+0baDD3/x8Yxg7SfN/Jbi2 NftOi0yaygz3dHFLOsWZ/Ym5PuxXOGZDcZqo616IUXOGkuucw0PD4CapTJWu0yM2 UZ3gSJ+CTRWeQK8Z1Y9RM6o++qm5IyKVt5bL/Hp+cLrmiR9+LwIP9gaRBsKlI+74 TblkrkMR7utONc7/uAKS+M88nG5BqJY7Xduoq0ZNW2QgIf61Ss74gbbcoV4kloA= =T/to -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort performance with perfmonitor Peter Bates (Jun 19)
- Re: Snort performance with perfmonitor Joel Esler (Jun 19)