Re: Perfmonitor...does anyone really use this thing?

[Edin Dizdarevic <Edin.Dizdarevic () interActive-Systems de>]

Hi,

for me it is a simple way to continously follow how Snort is doing over
a longer time period. You may want to use a tool like logsurfer to warn
you if ie. big amount of packets is suddenly being lost. I personally
like it.

According the stats: This seems to be nothing that has anything to do
with Snort. Try using the "new" "Phil Woods"-libpcap, where this
situation got very much better. Also read the docs provided on Phil
Wood's homepage. Since that version, my statistics are working good and
stuff like 1250% TCP seem to be over now. Good work, I may add. :)

Snort versions prior to 2.0 have had other difficulties with stats.
At the moment however, everything is working really good for me with
Snort 2.1.0 and libpcap-0.8.031204.

Regards,
Edin


Andreas Östling wrote:

> If you don't do anything useful with the output from it then you should 
> of course not turn it on. Personally I find it very handy when tweaking 
> and debugging performance issues (in conjunction with 
> http://people.su.se/~andreaso/perfmon-graph/). The output format is 
> explained in src/preprocessors/perf-base.c and also in the manual I think. 
> The drop stats on Linux seems broken though.
>
> /Andreas




-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users