[Snort-users] Pat-Matched counter in perfmonitor preprocessor
sekure at ...11827...
Tue Oct 19 09:05:29 EDT 2004
Snort -2.2.0 on Linux 2.4.21
preprocessor perfmonitor: time 300 flow events file snort.stats pktcnt 10000
I've noticed a few occasions where the Pat-Matched counter in the
perfmon preprocessor logs above 100%. Is this normal?
What exactly does "%bytes pattern matched" mean? Percent of bytes
captured that matched a rule? That doesn't make sense, since I'd
expect it to be something like .01%. Percent of bytes captured that
got tested against various signatures? Why wouldn't it always be
In other words: Help???