Re: Performance again

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Hi,

The first question is anyway, what is actually ment by the statistics?
It would be interessting to know, in which stages of the process a
packet drop may occur and what is ment by the output/perfmon:

1. During the capture (and copy from the kernel to the user space)
2. During the preprocessing/reassembling/decoding
3. During the pattern matching/alerting
4. During the output
5. Other?

AFAIK the statistics is only telling to us, what the libpcap told
Snort (1.)? So how would more frequent perfmon output provide more
information? So I have to take a look at the complete situation in order
to guess(!), which task took so long, that Snort had to give it up and
begin processing the new input.

Regards,
Edin

Brian schrieb:

[Invalid method]
> Your method for coming to your conclusion is invalid.  You can not
> ignore what happens before snort drops packets, as that is probably
> what is causing the drop.  If you need finer grained information, set
> perfmonitor to dump its data more frequently.
>
> Brian

--
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users