Snort mailing list archives
Re: pmgraph.pl
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Tue, 10 Nov 2009 14:47:18 -0500
Interesting. I'll have to watch that webinar. On Tue, Nov 10, 2009 at 2:42 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:
Well, in the recent Sourcefire webinar on tuning the snort sensors it came up. From the whitepaper at http://www.snort.org/assets/126/WhitePaper_Snort_PerformanceTuning_2009.pdf "The next statistic is pattern match percentage. This is the number of bytes that Snort is passing through the pattern matcher to identify possible rules, compared to the total number of bytes seen by Snort. This number could be higher than 100%, in the case of IP defragmentation, TCP reassembly, DCE/RPC reassembly, etc. Ideally this would be in the 10% range." -----Original Message----- From: Jason Wallace [mailto:jason.r.wallace () gmail com] Sent: Tuesday, November 10, 2009 11:41 AM To: Jefferson, Shawn Cc: Snort Users List Subject: Re: [Snort-users] pmgraph.pl Just out of curiosity.. What is the benefit of knowing this? On Tue, Nov 10, 2009 at 1:56 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:I modified pmgraph.pl today to also graph Pattern Matching percentage. If you are using it and are interested, send me an email and I'll send you a copy. Of course, you could modify it yourself too (it was pretty easy.) -- Shawn Jefferson ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Jason Wallace (Nov 10)
- Re: pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Jason Wallace (Nov 10)
- Re: pmgraph.pl Edward Bjarte Fjellskål (Nov 11)
- Re: pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Joel Esler (Nov 10)
- Re: pmgraph.pl JJ Cummings (Nov 10)
- Re: pmgraph.pl Jefferson, Shawn (Nov 10)
- Re: pmgraph.pl Joel Esler (Nov 10)
- Re: pmgraph.pl Jason Wallace (Nov 10)