Snort mailing list archives
Measuring the delay introduced by Snort
From: Jiahua Yu <yjh3207 () gmail com>
Date: Fri, 3 Oct 2014 11:18:30 -0400
Hi, I am recently using Performance Monitor to dump real-time statistics of snort. 1. A field of 'uSeconds/Sec' is included with the 'max' option. Given the definition of 'max' as "theoretical maximum performance that Snort calculates". Does the 'uSeconds/Sec' refer to the shortest time each package would take? It's a calculation instead of real-time averaging of processed packets? 2. Since I am looking to find real-time delay of packets introduced by Snort, is there any metric that I could use? I have tried a Packet Performance Monitor and count numbers beyond the threshold, but that makes me to count the delay events in log file. 3. In perfmonitor, there are the metrics *Drop Rate *and *Perentage of Packets Dropped*, what's their difference and relationship? I found the previous thread http://seclists.org/snort/2010/q3/519 but it didn't come with much explanation. Thanks, Jiahua
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Measuring the delay introduced by Snort Jiahua Yu (Oct 03)