[Snort-users] Rule performance profiling question

Joel Esler jesler at ...1935...
Wed Sep 15 21:53:24 EDT 2010


Which environment is that?

On Wednesday, September 15, 2010, waldo kitty <wkitty42 at ...14940...> wrote:
> On 9/15/2010 18:36, Joel Esler wrote:
>> Both are SO rules.
>
> ahhh... ok so they are GID 3 which i'm not using at this time due to kernel
> changes in my environment... hopefully you guys will still be releasing SO rules
> that are compatible with the kernel that my environment is "stuck" using for
> security reasons...
>
>>
>> J
>>
>> On Wed, Sep 15, 2010 at 6:16 PM, waldo kitty <wkitty42 at ...14940...> wrote:
>>
>>     On 9/15/2010 16:37, Andy Berryman wrote:
>>      > Num SID GID Rev Checks Matches Alerts Microsecs Avg/Check Avg/Match Avg/Nonmatch
>>      > === === === === ====== ======= ====== ========= ========= ========= ============
>>      >
>>      > 1 7019 3 5 234171143 0 0 80911378 0.3 0.0 0.3
>>      >
>>     [...]
>>      >
>>      > 76 14643 3 3 82610 0 0 4949758 59.9 0.0 59.9
>>
>>     what i find interesting is that i do not have either of those rules in my rules
>>     files... they simply do not exist AFAICT... however, i'm also not a paying
>>     subscriber so it may take up to another 30 days before i see them...
>>
>>     i do find it interesting that 7019 is enabled in your set up but, as another
>>     wrote, is specific to a japanese p2p network that you (or i) are likely to have
>>     on their network... i'm curious if that rule comes enabled by default or if you
>>     specifically enabled it for performance testing...
>
>



