snort-users November 2009 archive
snort-users: Re: [Snort-users] pmgraph.pl

From: Jefferson, Shawn <Shawn.Jefferson_at_nospam>
Date: Tue Nov 10 2009 - 19:42:20 GMT
To: Jason Wallace <jason.r.wallace@gmail.com>


Well, in the recent Sourcefire webinar on tuning the snort sensors it came up. From the whitepaper at http://www.snort.org/assets/126/WhitePaper_Snort_PerformanceTuning_2009.pdf

"The next statistic is pattern match percentage. This is the number of bytes that Snort is passing through the pattern matcher to identify possible rules, compared to the total number of bytes seen by Snort. This number could be higher than 100%, in the case of IP defragmentation, TCP reassembly, DCE/RPC reassembly, etc. Ideally this would be in the 10% range."

-----Original Message-----
From: Jason Wallace [mailto:jason.r.wallace@gmail.com]
Sent: Tuesday, November 10, 2009 11:41 AM
To: Jefferson, Shawn
Cc: Snort Users List
Subject: Re: [Snort-users] pmgraph.pl

Just out of curiosity.. What is the benefit of knowing this?

On Tue, Nov 10, 2009 at 1:56 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com> wrote:
> I modified pmgraph.pl today to also graph Pattern Matching percentage.  If
> you are using it and are interested, send me an email and I'll send you a
> copy.  Of course, you could modify it yourself too (it was pretty easy.)
>
> --
> Shawn Jefferson