[Snort-users] Snort performance with perfmonitor

Joel Esler jesler at ...1935...
Tue Jun 19 09:11:15 EDT 2012


On Jun 19, 2012, at 7:53 AM, Peter Bates <peter.bates at ...15381...> wrote:
> Hello all...
> 
> I've been looking at the output of perfmonitor myself, and also with
> 'The Pig Doktah', and it has a slight air of confusion about it:
> 
> - -= Tha Pig Doktah 0.1 Dev =-
> Copyright (C) 2010 JJ Cummings
> 
> Report Info:
>        Processed: /var/log/snort/snort.stats
>        First Entry: Fri Jun 15 14:37:29 2012
>        Last Entry: Tue Jun 19 12:46:45 2012
>        Time Span: 3 days, 22 hours, 9 minutes and 16 seconds
> 
> Wirespeed:
>        High: 112.990 Mbits/Sec | Mon Jun 18 15:51:19 2012
>        Low: 6.302 Mbits/Sec | Sat Jun 16 03:21:18 2012
>        Avg: 61.378 Mbits/Sec
> 
> % Packet Loss:
>        High: 305.249% | Tue Jun 19 12:41:45 2012
>        Low: 12.339% | Sat Jun 16 06:50:42 2012
>        Avg: 278.760%
> 
> Additional Info:
>        Avg Pkt Size: 723.880 bytes
>        Avg Syns/Sec: 204.620
>        Avg SynAcks/Sec: 137.349
>        Avg Alerts/Sec: 0.097
>        Avg Current Cached Sessions: 10458.659
> 
> I'd say the wirespeed stats are fine, but the packet loss stats seem
> to echo what I see (edited output):
> 
> Tue Jun 19 12:51:45 2012 75.414 59.807 3074474 9430751
> 
> According to the information, 3074474 have been received
> but I've dropped 9430751.


Peter,

If you are willing to send me the snort.stats offlist, I'll take a look and let you know what I see.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire



More information about the Snort-users mailing list