[Snort-devel] ATTN: need testers willing to give statistics!

Chris Green cmg at ...402...
Wed Aug 7 14:21:04 EDT 2002


cmg/Sourcefire needs your help in order to help get some data from
the snort community at large.

In the latest 1.9 series on your network, please place

preprocessor perfmonitor: console flow events time 10


in your snort.conf and run

snort <normalargs> 2>&1 | tee log-10sec.txt
for maybe 5 minutes on your busiest network link


preprocessor perfmonitor: console flow events time 600
snort <normalargs> 2>&1 | tee log-10min.txt
for maybe an hour minutes on your busiest network link

Don't forgot to take out the -D argument so you run interactively with
your normal type of config file.

mail

cmg at ...402...

Network Type: (T1,T3,OC-12,10M,100M) etc.
Network Description: WebFarm, intranet, etc.
and
Number of hosts: (if known)


and the output of that to cmg at ...402...

There should be nothing in this about your netblocks.

We need you to help make snort better so we can see what type of
protocol breakdowns people are seeing out there.

If you want snort to work better on your network type, mail now!

I would like a good batch of statistics by the end of tommorrow so
please, if you are on snort-devel, run it and let me know what you
see.

Reminder:

you need to do
./configure --enable-perfmonitor

and  put

preprocessor perfmonitor: console flow events time 10

in your conf file

Thanks!
Chris
-- 
Chris Green <cmg at ...402...>
Eschew obfuscation.




More information about the Snort-devel mailing list