[Snort-users] Help interpreting snort statistics

Joel Esler joel.esler at ...14399...
Thu Mar 25 12:33:22 EDT 2010


Is your sensor sitting in front of, or behind a firewall or other packet filtering device?  If so, I suggest you move it inside the packet filtering device.

J

On Mar 25, 2010, at 12:19 PM, Galley, Daniel wrote:

> Thanks Joel! Here is a more complete picture of the last 24 hours.
>  
>  
> Daniel S. Galley 
> Desktop Support Analyst
> UCLA School of Dentistry
>  
>  
> From: Joel Esler [mailto:joel.esler at ...14399...] 
> Sent: Wednesday, March 24, 2010 6:05 PM
> To: Galley, Daniel
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Help interpreting snort statistics
>  
> Daniel,
>  
> I'd be glad to help you out with this, however, this is a snapshot in time.  I'd do better if you turned on the perfstats preprocessor (search the snort.conf for perfstats).  That would provide me more detailed information.
>  
> Joel
>  
> On Mar 24, 2010, at 7:36 PM, Galley, Daniel wrote:
> 
> 
> Attached is a log of our snort stats at the end of a 24-hour period.  Anyone willing to take a look and point out any glaring problems?  Also, does anyone have a link to a guide to help me understand what all of this means?
>  
> We are running snort 2.8.5.3 on FreeBSD 8.0 (64-bit).  The box is a Dell Optiplex with a Core 2 Duo E8600 (3.33 GHz) with 4 GB of memory.  The sniffing interface is the built-in Intel Pro/1000.  The sensor is sitting outside of our firewall and our outgoing traffic peaks at about 20 Mbps.
>  
> Thanks a lot!
>  
> Daniel S. Galley 
> Desktop Support Analyst
> UCLA School of Dentistry
> <Mar24Perf.txt>
>  
> --
> Joel Esler
> http://blog.joelesler.net
> 
> 
>  
> <snort.log.txt>

--
Joel Esler
http://blog.joelesler.net

