[Snort-users] Snort behaviour graphic.

Ashley Thomas athomas at ...5484...
Wed Jul 10 10:56:06 EDT 2002

It might have relation to the type of traffic also.
i mean the profile at any instant.
You might have 90 % http or 40 % http...

that is just a guess !
what do you think ?

btw do you have lot of other processes running on the same machine or is it
just snort ?

Hi all,

I've been doing tests with Snort and I got the graphic attached. We can
see traffic received in packets per second with blue line, Snort droped
pps with green line and Snort total VM size in kilobytes. X axe represents
time in hours (a little more than one week).

First, why droped packets are so different in between days with similar
traffic? (I get droped packets with a script that compares received
packets from the interface with Snort processed packets, from kill -USR1).

Second, why Snort vsize is like this?. I thought it bears relation to
traffic received, but it doesn't.


Emilio Mira

