Snort mailing list archives
Re: Rule performance profiling question
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 15 Sep 2010 18:36:56 -0400
Both are SO rules. J On Wed, Sep 15, 2010 at 6:16 PM, waldo kitty <wkitty42 () windstream net>wrote:
On 9/15/2010 16:37, Andy Berryman wrote:Num SID GID Rev Checks Matches Alerts Microsecs Avg/Check Avg/MatchAvg/Nonmatch=== === === === ====== ======= ====== ========= ========= =====================1 7019 3 5 234171143 0 0 80911378 0.3 0.0 0.3[...]76 14643 3 3 82610 0 0 4949758 59.9 0.0 59.9what i find interesting is that i do not have either of those rules in my rules files... they simply do not exist AFAICT... however, i'm also not a paying subscriber so it may take up to another 30 days before i see them... i do find it interesting that 7019 is enabled in your set up but, as another wrote, is specific to a japanese p2p network that you (or i) are likely to have on their network... i'm curious if that rule comes enabled by default or if you specifically enabled it for performance testing... ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule performance profiling question Andy Berryman (Sep 15)
- Re: Rule performance profiling question Alex Kirk (Sep 15)
- Re: Rule performance profiling question Andy Berryman (Sep 16)
- Re: Rule performance profiling question Joel Esler (Sep 16)
- Re: Rule performance profiling question waldo kitty (Sep 16)
- Re: Rule performance profiling question waldo kitty (Sep 16)
- Re: Rule performance profiling question Joel Esler (Sep 16)
- Re: Rule performance profiling question Andy Berryman (Sep 16)
- Re: Rule performance profiling question Alex Kirk (Sep 15)
- Re: Rule performance profiling question Joel Esler (Sep 15)
- Re: Rule performance profiling question waldo kitty (Sep 15)
- Re: Rule performance profiling question Joel Esler (Sep 15)
- Re: Rule performance profiling question waldo kitty (Sep 15)