Re: pmgraph.pl

[Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>]

Jefferson, Shawn wrote:

As a comment to pmgraph.pl, I have earlyer made some basic plugins for
Munin that graphs different stuff that I use/need to tune snort.
http://www.gamelinux.org/?p=32
http://download.gamelinux.org/snort/Snort-Munin-Plugins.png

In the light of new stable version of Munin soon to come this year
(current is 1.4.0-alpha), I will probably spend some time and rewrite
the plugin in perl, and merge all into one plugin.
Munin also uses Tobi Oetiker's rrdtool btw.

But at the moment, munin is a must for me on all sensors.

http://download.gamelinux.org/snort/

./Edward

> Well, in the recent Sourcefire webinar on tuning the snort sensors it came up.  From the whitepaper at 
> http://www.snort.org/assets/126/WhitePaper_Snort_PerformanceTuning_2009.pdf
>
> "The next statistic is pattern match percentage. This is the number of bytes that Snort is passing through the 
> pattern matcher to identify possible rules, compared to the total number of bytes seen by Snort. This number could be 
> higher than 100%, in the case of IP defragmentation, TCP reassembly, DCE/RPC reassembly, etc. Ideally this would be 
> in the 10% range."

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users