Rule Profiling on small pcap

[Mike Cox <mike.cox52 () gmail com>]

When running a small pcap thru Snort that is configured for rule
profiling, I don't see Rule Profile Statistics for rules that were
loaded but did not match (i.e. alert) on anything.  I see Rule Profile
Statistics on the rule(s) that did generate an alert.

Is this normal?

What is the criteria for rule profile stats?  Is it polling based such
that a small pcap gets processed before the polling interval is
realized unless a rule fires?

How do you do perf test on small pcaps?  (I sense a comment from Joel
coming saying testing small pcaps isn't useful....)

Thanks.

-Mike Cox

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!