No subject

Thu Nov 23 16:36:19 EST 2017

portions upper-case):

         * "ps_recv" counts packets handed to the filter, not packets
         * that passed the filter.  As filtering is done in userland,
         * this DOES NOT INCLUDE packets dropped because we ran out
         * of buffer space.
         * "ps_drop" counts packets dropped inside the DLPI service
         * provider device device because of flow control requirements
         * or resource exhaustion; it doesn't count packets dropped by
         * the interface driver, or packets dropped upstream.  As
         * filtering is done in userland, it counts packets regardless
         * of whether they would've passed the filter.

So, ps_drop/(ps_recv + ps_drop) is accurate for Solaris, at least as far 
as the calculation goes....
