Re: [Fwd: [Snort-users] Packet Performance Monitoring Question...]

[Edward Bjarte Fjellskål <edward.fjellskal () redpill-linpro com>]

Russ Combs wrote:
>     Question:
>     snort[7149]: PPM: Rule-Event address=0x20c859e0 Pkt[1124382921]
>     used=18689.7 usecs suspended 04/14-20:25:04.606347
>
>     How would I know what rule that is in a easy way?
>
>
> Regrettably, there is no easy way to tell.  This actually tells you
> where in the detection tree the threshold was exceeded, but the output
> doesn't indicate which rule(s) are affected.  I've opened a bug on this.

Cool,
hope that it is possible to implement in a easy way :)

E

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel