Snort mailing list archives
[Fwd: [Snort-users] Packet Performance Monitoring Question...]
From: Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>
Date: Fri, 09 Apr 2010 15:04:38 +0200
Hope this list knows :) ./ebf0
--- Begin Message --- From: Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>
Date: Wed, 07 Apr 2010 22:13:57 +0200
Hi, If I'm using: config ppm: max-rule-time 5000, \ threshold 10, \ suspend-expensive-rules, \ suspend-timeout 60, \ rule-log log How will this technically work... If a rule uses more than 5000 usecs 9 times say day 1 of running Snort, and say day 4, the rule again uses above 5000 usecs, will it then be suspended for 60 seconds? Does Snort keep threshold stats for each rule for forever? or is the threshold within some default timeout? Does enabling ppm for rules degrade performance of Snort? (as it maybe has to do more checking of the threshold for each rule, and maybe also suspending it and bringing it back...) E ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--- End Message ---
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- [Fwd: [Snort-users] Packet Performance Monitoring Question...] Edward Bjarte Fjellskål (Apr 09)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Russ Combs (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Edward Bjarte Fjellskål (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Rodrigo Montoro(Sp0oKeR) (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Edward Bjarte Fjellskål (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Edward Bjarte Fjellskål (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Edward Bjarte Fjellskål (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Russ Combs (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Edward Bjarte Fjellskål (Apr 14)
- Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...] Russ Combs (Apr 14)