[Snort-users] Help interpreting snort statistics

Joel Esler joel.esler at ...14399...
Wed Mar 24 21:05:06 EDT 2010


I'd be glad to help you out with this, however, this is a snapshot in time.  I'd do better if your turned on the perfstats preprocessor (search the snort.conf for perfstats).  That would provide me more detailed information.


On Mar 24, 2010, at 7:36 PM, Galley, Daniel wrote:

> Attached is a log of our snort stats at the end of a 24-hour period.  Anyone willing to take a look and point out any glaring problems?  Also, does anyone have a link to a guide to help me understand what all of this means?
> We are running snort on FreeBSD 8.0 (64-bit).  The box is a Dell Optiplex with a Core 2 Duo E8600 (3.33 GHz) with 4 GB of memory.  The sniffing interface is the built-on Intel Pro/1000.  The sensor is sitting outside of our firewall and our outgoing traffic peaks at about 20 Mbps.
> Thanks a lot!
> Daniel S. Galley 
> Desktop Support Analyst
> UCLA School of Dentistry
> <Mar24Perf.txt>------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

Joel Esler

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100324/7a23ac25/attachment.html>

More information about the Snort-users mailing list