[Snort-users] Rule performance profiling question

Joel Esler jesler at ...1935...
Wed Sep 15 18:36:56 EDT 2010


Both are SO rules.

J

On Wed, Sep 15, 2010 at 6:16 PM, waldo kitty <wkitty42 at ...14940...>wrote:

> On 9/15/2010 16:37, Andy Berryman wrote:
> > Num SID GID Rev Checks Matches Alerts Microsecs Avg/Check Avg/Match
> Avg/Nonmatch
> > === === === === ====== ======= ====== ========= ========= =========
> ============
> >
> > 1 7019 3 5 234171143 0 0 80911378 0.3 0.0 0.3
> >
> [...]
> >
> > 76 14643 3 3 82610 0 0 4949758 59.9 0.0 59.9
>
> what i find interesting is that i do not have either of those rules in my
> rules
> files... they simply do not exist AFAICT... however, i'm also not a paying
> subscriber so it may take up to another 30 days before i see them...
>
> i do find it interesting that 7019 is enabled in your set up but, as
> another
> wrote, is specific to a japanese p2p network that you (or i) are likely to
> have
> on their network... i'm curious if that rule comes enabled by default or if
> you
> specifically enabled it for performance testing...
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100915/735b1cf4/attachment.html>


More information about the Snort-users mailing list