[Snort-devel] [Fwd: [Snort-users] Packet Performance Monitoring Question...]
Edward Bjarte Fjellskål
edward.fjellskal at ...3083...
Wed Apr 14 17:09:48 EDT 2010
Russ Combs wrote:
> snort: PPM: Rule-Event address=0x20c859e0 Pkt
> used=18689.7 usecs suspended 04/14-20:25:04.606347
> How would I know what rule that is in a easy way?
> Regrettably, there is no easy way to tell. This actually tells you
> where in the detection tree the threshold was exceeded, but the output
> doesn't indicate which rule(s) are affected. I've opened a bug on this.
hope that it is possible to implement in a easy way :)
More information about the Snort-devel