[Snort-users] Snort performance with perfmonitor

Peter Bates peter.bates at ...15381...
Tue Jun 19 07:53:44 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all...

I've been looking at the output of perfmonitor myself, and also with
'The Pig Doktah', and it has a slight air of confusion about it:

- -= Tha Pig Doktah 0.1 Dev =-
Copyright (C) 2010 JJ Cummings

Report Info:
        Processed: /var/log/snort/snort.stats
        First Entry: Fri Jun 15 14:37:29 2012
        Last Entry: Tue Jun 19 12:46:45 2012
        Time Span: 3 days, 22 hours, 9 minutes and 16 seconds

Wirespeed:
        High: 112.990 Mbits/Sec | Mon Jun 18 15:51:19 2012
        Low: 6.302 Mbits/Sec | Sat Jun 16 03:21:18 2012
        Avg: 61.378 Mbits/Sec

% Packet Loss:
        High: 305.249% | Tue Jun 19 12:41:45 2012
        Low: 12.339% | Sat Jun 16 06:50:42 2012
        Avg: 278.760%

Additional Info:
        Avg Pkt Size: 723.880 bytes
        Avg Syns/Sec: 204.620
        Avg SynAcks/Sec: 137.349
        Avg Alerts/Sec: 0.097
        Avg Current Cached Sessions: 10458.659

I'd say the wirespeed stats are fine, but the packet loss stats seem
to echo what I see (edited output):

Tue Jun 19 12:51:45 2012 75.414 59.807 3074474 9430751

According to the information, 3074474 have been received
but I've dropped 9430751.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP4GhIAAoJELhVoVpEMS6R8QwH/2Ib2LL8strTYCSLW2TKBuwR
nPB6NPw8VMIHFO611t13cpKzuivH/3E/uyjm/Ncl5QSiRzHyvT9rRtxk6NGx7hSO
Ju6rmz0Bje/QC4XfAGU1f+Jvp6fR/u6Zm7FmAkGNVB+0baDD3/x8Yxg7SfN/Jbi2
NftOi0yaygz3dHFLOsWZ/Ym5PuxXOGZDcZqo616IUXOGkuucw0PD4CapTJWu0yM2
UZ3gSJ+CTRWeQK8Z1Y9RM6o++qm5IyKVt5bL/Hp+cLrmiR9+LwIP9gaRBsKlI+74
TblkrkMR7utONc7/uAKS+M88nG5BqJY7Xduoq0ZNW2QgIf61Ss74gbbcoV4kloA=
=T/to
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list