[Snort-users] Pat-Matched counter in perfmonitor preprocessor
sekure at ...11827...
Tue Oct 19 12:14:45 EDT 2004
On Tue, 19 Oct 2004 14:27:14 -0400, Jeremy Hewlett <jh at ...1935...> wrote:
> On Tue, Oct 19, sekure wrote:
> > I've noticed a few occasions where the Pat-Matched counter in the
> > perfmon preprocessor logs above 100%. Is this normal?
> Reassembled packets can sometimes cause this to be over 100%.
> > What exactly does "%bytes pattern matched" mean?
> Says what percent of traffic is being pattern matched by Snort. So, if
> there's traffic that is not being pattern matched this will affect the
Can you explain why certain traffic wouldn't be pattern matched?
Matched against what pattern? The signatures? I am seeing < 70%
pattern matched on some sensors. Is this "bad"?