[Snort-users] Question about outstanding packets

C. L. Martinez carlopmart at ...11827...
Fri Feb 13 02:01:36 EST 2015


Hi all,

 Under my snort's statistics, I see results like these every day:

*** Caught Term-Signal
===============================================================================
Run time for packet processing was 86064.336514 seconds
Snort processed 2731635677 packets.
Snort ran for 0 days 23 hours 54 minutes 24 seconds
    Pkts/hr:    118766768
   Pkts/min:      1904906
   Pkts/sec:        31739
===============================================================================
Packet I/O Totals:
   Received:   3097205569
   Analyzed:   2731635677 ( 88.197%)
    Dropped:      1427584 (  0.046%)
   Filtered:            0 (  0.000%)
Outstanding:    365569892 ( 11.803%)
   Injected:            0
===============================================================================

But I don't see clearly what it means "Outstanding" packets. According
to Snort's docs:

Outstanding indicates how many packets are buffered awaiting
processing. The way this is counted varies per DAQ so the DAQ
documentation should be consulted for more info.

Searching inside DAQ's README I don't see any reference about
outstanding packets.

How daq manages these packets?? How can I reduce outstanding stats??

Thanks.




More information about the Snort-users mailing list