Snort mailing list archives

Measuring the delay introduced by Snort


From: Jiahua Yu <yjh3207 () gmail com>
Date: Fri, 3 Oct 2014 11:18:30 -0400

Hi,

I have recently been using Performance Monitor to dump real-time statistics of
Snort.

1. A 'uSeconds/Sec' field is included with the 'max' option. Given the
definition of 'max' as "theoretical maximum performance that Snort
calculates", does 'uSeconds/Sec' refer to the shortest time each
package would take? Is it a calculation instead of a real-time average of
processed packets?

2. Since I am looking to find the real-time delay of packets introduced by
Snort, is there any metric that I could use? I have tried the Packet
Performance Monitor and counting the numbers beyond the threshold, but that makes
me count the delay events in the log file.

3. In perfmonitor, there are the metrics *Drop Rate* and *Percentage of
Packets Dropped*. What are their difference and relationship? I found the
previous thread http://seclists.org/snort/2010/q3/519 but it didn't come
with much explanation.

Thanks,
Jiahua