[Snort-users] packet I/O totals
felix.erlacher at ...17726...
Thu Feb 23 06:58:39 EST 2017
I have a question regarding the Snort Packet I/O totals.
This is what Snort tells me after i stop it with SIGTERM:
Packet I/O Totals:
Analyzed: 1327128 ( 59.399%)
Dropped: 907129 ( 28.877%)
Filtered: 0 ( 0.000%)
Outstanding: 907129 ( 40.601%)
The snort manual says "Outstanding indicates how many packets are
buffered awaiting processing" and further refers to the DAQ
documentation. (The DAQ readme gives no Info on this behalf and I
could't find any other DAQ docu)
There are a few oddities here:
The "Dropped" and "Outstanding" numbers are exactly the same, namely the
difference between "analyzed" and "received".
How can dropped packets be at the same time outstanding?
Of which number is 907129 28.877%?
Is the problem that I aborted Snort?
I am using snort 188.8.131.52 with DAQ 2.0.6 to analyze traffic from my
10GBit NIC with the shipped snort.conf in IDS mode.
BTW: There was already a similar discussion on this list, the problem
was solved by a new DAQ. At the moment I am using the newest DAQ.
thanks and greets
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: OpenPGP digital signature
More information about the Snort-users