Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is there an acceptable amount of dropped packets for snort?

From: Joel Esler <jesler () sourcefire com>
Date: Mon, 8 Feb 2010 16:07:09 -0500
Andy,

Definitely the less packet drops the better.  0 being the optimal number.  What output method are you using?  By any 
chance the Database output method?

J

On Feb 8, 2010, at 3:55 PM, Andy Berryman wrote:


Just wondering if there is a general acceptable amount of dropped packets for snort? Someone told me anything under 
around 10% would be acceptable. To me that's not right, any dropped packets to me is a big deal.
 
Would this be considered acceptable? My interval for the stats reporting is every 30 seconds.
 
Feb  8 19:30:32 (none) snort[25517]: Pkts Recv:   679621
Feb  8 19:30:32 (none) snort[25517]: Pkts Drop:   3096
Feb  8 19:30:32 (none) snort[25517]: % Dropped:   0.456%
 
 
  8 19:30:32 (none) snort[25517]: Mbits/Second
Feb  8 19:30:32 (none) snort[25517]: ----------------
Feb  8 19:30:32 (none) snort[25517]: Snort:       347.481
Feb  8 19:30:32 (none) snort[25517]: Sniffing:    1509.490
Feb  8 19:30:32 (none) snort[25517]: Combined:    282.460
Feb  8 19:30:32 (none) snort[25517]: uSeconds/Pkt
Feb  8 19:30:32 (none) snort[25517]: ----------------
 
Feb  8 19:30:32 (none) snort[25517]: Snort Setwise Event Stats
Feb  8 19:30:32 (none) snort[25517]: -------------------------
Feb  8 19:30:32 (none) snort[25517]: Total Events:           913852
Feb  8 19:30:32 (none) snort[25517]: Qualified Events:       451
Feb  8 19:30:32 (none) snort[25517]: Non-Qualified Events:   913401
Feb  8 19:30:32 (none) snort[25517]: %Qualified Events:      0.0494%
Feb  8 19:30:32 (none) snort[25517]: %Non-Qualified Events:  99.9506%
 
Thanks,
Andy Berryman
 
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Joel Esler
302-223-5974






------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: