[Snort-users] Snort behaviour graphic.

Ashley Thomas athomas at ...5484...
Wed Jul 10 10:56:06 EDT 2002


It might also be related to the type of traffic.
I mean the profile at any instant.
You might have 90% HTTP or 40% HTTP...

That is just a guess!
What do you think?

BTW, do you have a lot of other processes running on the same machine, or is it
just Snort?




-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Emilio Mira
Sent: Wednesday, July 10, 2002 8:09 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort behaviour graphic.



Hi all,

I've been doing tests with Snort and I got the attached graph. We can
see traffic received in packets per second with the blue line, Snort dropped
pps with the green line, and Snort total VM size in kilobytes. The X axis represents
time in hours (a little more than one week).

First, why are dropped packets so different between days with similar
traffic? (I get dropped packets with a script that compares received
packets from the interface with Snort processed packets, from kill -USR1).

Second, why is Snort's vsize like this? I thought it was related to
traffic received, but it isn't.

Thanks.

--
Emilio Mira






