[Snort-users] Is there an acceptable amount of dropped packets for snort?

Edin Dizdarevic Snort at ...13239...
Mon Feb 8 17:00:56 EST 2010


AFAIC dropped packets are a problem when you detect false negatives (FN) 
- I'm not sure if the term FN is appropriate here btw. But there are so 
many other reasons that could lead to a FN.

Regarding metrics you might want to take a look into the Performance 
Monitor preprocessor which I used to deploy often when facing 
performance issues.

Rgrds,
Edin

Am 08.02.2010 21:55, schrieb Andy Berryman:
> Just wondering if there is a general acceptable amount of dropped
> packets for snort? Someone told me anything under around 10% would be
> acceptable. To me that's not right, any dropped packets to me is a
> big deal.
>
> Would this be considered acceptable? My interval for the stats
> reporting is every 30 seconds.
>




More information about the Snort-users mailing list