Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rule performance profiling question

From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 15 Sep 2010 18:16:56 -0400
On 9/15/2010 16:37, Andy Berryman wrote:

Num SID GID Rev Checks Matches Alerts Microsecs Avg/Check Avg/Match Avg/Nonmatch
=== === === === ====== ======= ====== ========= ========= ========= ============

1 7019 3 5 234171143 0 0 80911378 0.3 0.0 0.3


[...]


76 14643 3 3 82610 0 0 4949758 59.9 0.0 59.9


what i find interesting is that i do not have either of those rules in my rules 
files... they simply do not exist AFAICT... however, i'm also not a paying 
subscriber so it may take up to another 30 days before i see them...

i do find it interesting that 7019 is enabled in your set up but, as another 
wrote, is specific to a japanese p2p network that you (or i) are likely to have 
on their network... i'm curious if that rule comes enabled by default or if you 
specifically enabled it for performance testing...

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: