[Snort-users] RE: Snort PerfMon preprocessor output

sekure sekure at ...11827...
Fri Oct 22 06:20:20 EDT 2004


Barry,

Two things:

1.  What OS are you using, what version of libpcap, what version of snort?

2.  Here is the format of the perfmonitor file, from perf-base.c:

/*
 *
 *   Log Base Per Stats to File for Use by the MC
 *
 * unixtime(in secs since epoch)
 * %pkts dropped
 * mbits/sec
 * alerts/sec
 * K-Packets/Sec
 * Avg Bytes/Pkt
 * %bytes pattern matched
 * syns/sec
 * synacks/sec
 * new-sessions/sec
 * del-sessions/sec
 * total-sessions open
 * max-sessions
 * streamflushes/sec
 * streamfaults/sec
 * streamtimeouts
 * fragcompletes/sec
 * fraginserts/sec
 * fragdeletes/sec
 * fragflushes/sec
 * fragtimeouts
 * fragfaults
 * %user-cpu usage
 * %sys-cpu usage
 * %idle-cpu usage
 */



On Fri, 22 Oct 2004 13:04:23 +0900, Basselgia, Barry A Mr (NAF Atsugi)
<babasselgia at ...12104...> wrote:
 
> So, it looks like field 2 is the % dropped packets.  The problem actually
> seems to be in the dropped packets counter.  It claims I dropped more than a
> 100 Billion packets, when I only received 1944.
> 
> Must be a bug in the performance counter.  Anyone have any ideas?
> 
> Barry
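
Added example, not part of the original messages and not Snort code: a parser that names the fields in the order given by the perf-base.c comment above and flags rows whose percentage fields fall outside 0..100, the symptom described in the quoted report. It assumes one comma-separated record per line; the field names, function names and sample rows are constructed for illustration.

```python
import csv

# Field order as listed in the perf-base.c comment quoted in the message.
FIELDS = [
    "unixtime", "pct_pkts_dropped", "mbits_per_sec", "alerts_per_sec",
    "kpkts_per_sec", "avg_bytes_per_pkt", "pct_bytes_pattern_matched",
    "syns_per_sec", "synacks_per_sec", "new_sessions_per_sec",
    "del_sessions_per_sec", "total_sessions_open", "max_sessions",
    "streamflushes_per_sec", "streamfaults_per_sec", "streamtimeouts",
    "fragcompletes_per_sec", "fraginserts_per_sec", "fragdeletes_per_sec",
    "fragflushes_per_sec", "fragtimeouts", "fragfaults",
    "pct_user_cpu", "pct_sys_cpu", "pct_idle_cpu",
]
PERCENT_FIELDS = {f for f in FIELDS if f.startswith("pct_")}

# Constructed sample: line 1 is plausible, line 2 has an impossible drop rate.
SAMPLE = """\
1098440400,0.000,1.2,0.0,0.3,512,4.1,2,2,1,1,10,25,0,0,0,0,0,0,0,0,0,3.1,1.4,95.5
1098440700,5144032.922,0.1,0.0,0.0,480,3.9,0,0,0,0,10,25,0,0,0,0,0,0,0,0,0,2.0,1.0,97.0
"""

def parse_line(line):
    """Map one stats line to {field name: float}; None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    values = next(csv.reader([line]))
    if len(values) < len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    # Assumption: any extra trailing columns are ignored, not interpreted.
    return {name: float(v) for name, v in zip(FIELDS, values)}

def anomalies(row):
    """Return reasons a row looks like a counter fault rather than real load."""
    problems = []
    for name, value in row.items():
        if name in PERCENT_FIELDS and not 0.0 <= value <= 100.0:
            problems.append(f"{name}={value} outside 0..100")
        elif name not in PERCENT_FIELDS and value < 0:
            problems.append(f"{name}={value} is negative")
    return problems

def check(text):
    """Return [(line number, [problems])] for every suspicious line."""
    rows = ((n, parse_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, anomalies(r)) for n, r in rows if r and anomalies(r)]

if __name__ == "__main__":
    print(check(SAMPLE))
```
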



