Snort mailing list archives
Re: RE: Snort PerfMon preprocessor output
From: sekure <sekure () gmail com>
Date: Fri, 22 Oct 2004 09:15:26 -0400
Barry, Two things: 1. What OS are you using, what version of libpcap, what version of snort? 2. Here is the the format of the perfmonitor file, from perf-base.c: /* * * Log Base Per Stats to File for Use by the MC * * unixtime(in secs since epoch) * %pkts dropped * mbits/sec * alerts/sec * K-Packets/Sec * Avg Bytes/Pkt * %bytes pattern matched * syns/sec * synacks/sec * new-sessions/sec * del-sessions/sec * total-sessions open * max-sessions * streamflushes/sec * streamfaults/sec * streamtimeouts * fragcompletes/sec * fraginserts/sec * fragdeletes/sec * fragflushes/sec * fragtimeouts * fragfaults * %user-cpu usage * %sys-cpu usage * %idle-cpu usage */ On Fri, 22 Oct 2004 13:04:23 +0900, Basselgia, Barry A Mr (NAF Atsugi) <babasselgia () atsugi navy mil> wrote:
So, it looks like field 2 is the % dropped packets. The problem actually seems to be in the dropped packets counter. It claims I dropped more then a 100 Billion packets, when I only received 1944. Must be a bug in the performance counter. Anyone have any ideas? Barry
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort PerfMon preprocessor output Basselgia, Barry A Mr (NAF Atsugi) (Oct 21)
- <Possible follow-ups>
- RE: Snort PerfMon preprocessor output Basselgia, Barry A Mr (NAF Atsugi) (Oct 21)
- Re: RE: Snort PerfMon preprocessor output sekure (Oct 22)
- RE: RE: Snort PerfMon preprocessor output Basselgia, Barry A Mr (NAF Atsugi) (Oct 23)