Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort performance with perfmonitor

From: Joel Esler <jesler () sourcefire com>
Date: Tue, 19 Jun 2012 09:11:15 -0400
On Jun 19, 2012, at 7:53 AM, Peter Bates <peter.bates () ucl ac uk> wrote:

Hello all...

I've been looking at the output of perfmonitor myself, and also with
'The Pig Doktah', and it has a slight air of confusion about it:

- -= Tha Pig Doktah 0.1 Dev =-
Copyright (C) 2010 JJ Cummings

Report Info:
       Processed: /var/log/snort/snort.stats
       First Entry: Fri Jun 15 14:37:29 2012
       Last Entry: Tue Jun 19 12:46:45 2012
       Time Span: 3 days, 22 hours, 9 minutes and 16 seconds

Wirespeed:
       High: 112.990 Mbits/Sec | Mon Jun 18 15:51:19 2012
       Low: 6.302 Mbits/Sec | Sat Jun 16 03:21:18 2012
       Avg: 61.378 Mbits/Sec

% Packet Loss:
       High: 305.249% | Tue Jun 19 12:41:45 2012
       Low: 12.339% | Sat Jun 16 06:50:42 2012
       Avg: 278.760%

Additional Info:
       Avg Pkt Size: 723.880 bytes
       Avg Syns/Sec: 204.620
       Avg SynAcks/Sec: 137.349
       Avg Alerts/Sec: 0.097
       Avg Current Cached Sessions: 10458.659

I'd say the wirespeed stats are fine, but the packet loss stats seem
to echo what I see (edited output):

Tue Jun 19 12:51:45 2012 75.414 59.807 3074474 9430751

According to the information, 3074474 have been received
but I've dropped 9430751.



Peter,

If you are willing to send me the snort.stats offlist, I'll take a look and let you know what I see.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: