Re: Help interpreting snort statistics

[Joel Esler <joel.esler () me com>]

Is your sensor sitting in front of, or behind a firewall or other packet filtering device?  If so, I suggest you move 
it inside the packet filtering device.

J

On Mar 25, 2010, at 12:19 PM, Galley, Daniel wrote:

> Thanks Joel! Here is a more complete picture of the last 24 hours.
>  
>  
> Daniel S. Galley 
> Desktop Support Analyst
> UCLA School of Dentistry
>  
>  
> From: Joel Esler [mailto:joel.esler () me com] 
> Sent: Wednesday, March 24, 2010 6:05 PM
> To: Galley, Daniel
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Help interpreting snort statistics
>  
> Daniel,
>  
> I'd be glad to help you out with this, however, this is a snapshot in time.  I'd do better if your turned on the 
> perfstats preprocessor (search the snort.conf for perfstats).  That would provide me more detailed information.
>  
> Joel
>  
> On Mar 24, 2010, at 7:36 PM, Galley, Daniel wrote:
>
>
> Attached is a log of our snort stats at the end of a 24-hour period.  Anyone willing to take a look and point out any 
> glaring problems?  Also, does anyone have a link to a guide to help me understand what all of this means?
>  
> We are running snort 2.8.5.3 on FreeBSD 8.0 (64-bit).  The box is a Dell Optiplex with a Core 2 Duo E8600 (3.33 GHz) 
> with 4 GB of memory.  The sniffing interface is the built-on Intel Pro/1000.  The sensor is sitting outside of our 
> firewall and our outgoing traffic peaks at about 20 Mbps.
>  
> Thanks a lot!
>  
> Daniel S. Galley 
> Desktop Support Analyst
> UCLA School of Dentistry
> <Mar24Perf.txt>------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>  
> --
> Joel Esler
> http://blog.joelesler.net
>
>
>  
> <snort.log.txt>

--
Joel Esler
http://blog.joelesler.net


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users