Snort mailing list archives
Question about performance monitor
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Thu, 30 May 2013 08:40:00 +0000
Hi all,

From time to time I am seeing the following entries:

May 30 08:30:08 nsm01 snort[20726]: PPM: Rule-Event Pkt[9888479] suspended (10.196.0.46:38860 -> 10.196.0.28:445).
May 30 08:30:08 nsm01 snort[20726]: PPM: Rule-Event Pkt[9888479] address=0x0x8711bef6d80 used=5690.77 usecs suspended 05/30-08:30:08.643465
May 30 08:30:18 nsm01 snort[20726]: PPM: Rule-Event Pkt[9914260] address=0x0x8711bef6d80 re-enabled 05/30-08:30:18.713944

It seems there is some trouble with some rule. I am using so_rules only on this Snort sensor (release 2.9.4.6) under an OpenBSD 5.3 amd64 host. How can I know what rule is causing this problem??