[Snort-users] RE: Snort PerfMon preprocessor output
sekure at ...11827...
Fri Oct 22 06:20:20 EDT 2004
1. What OS are you using, what version of libpcap, what version of snort?
2. Here is the the format of the perfmonitor file, from perf-base.c:
* Log Base Per Stats to File for Use by the MC
* unixtime(in secs since epoch)
* %pkts dropped
* Avg Bytes/Pkt
* %bytes pattern matched
* total-sessions open
* %user-cpu usage
* %sys-cpu usage
* %idle-cpu usage
On Fri, 22 Oct 2004 13:04:23 +0900, Basselgia, Barry A Mr (NAF Atsugi)
<babasselgia at ...12104...> wrote:
> So, it looks like field 2 is the % dropped packets. The problem actually
> seems to be in the dropped packets counter. It claims I dropped more then a
> 100 Billion packets, when I only received 1944.
> Must be a bug in the performance counter. Anyone have any ideas?
More information about the Snort-users