[Oisf-devel] 77b708=WIN?

Martin Holste mcholste at gmail.com
Wed Sep 28 18:08:18 UTC 2011


Ah, so he did--missed that.  Ok, so you're thinking that the detection
engine itself is having hiccups?  I did notice a weird issue a few
days ago where alerts were firing erroneously on packets that contained
content which was negated by the rule.


On Wed, Sep 28, 2011 at 1:01 PM, Chris Wakelin
<c.d.wakelin at reading.ac.uk> wrote:
> On 28/09/2011 18:48, Martin Holste wrote:
>>>
>>> 16GB. I've tried switching to ac full, and the main consequence seems to
>>> be that PF_RING reports no dropped packets (as opposed to 1% with b2g
>>> auto). I hope it's telling the truth :)
>>
>> Actually, PF_RING does not record any dropped packets when running in
>> a cluster, so I assure you it is not telling the truth.
>
> Will fixed that I think for PF_RING 4.7.2+ :-
>
>> -------- Original Message --------
>> Subject: [Oisf-users] Fwd: [Ntop-dev] r4766 - trunk/PF_RING/kernel
>> Date: Mon, 8 Aug 2011 07:00:58 -0500
>> From: Will Metcalf <william.metcalf at gmail.com>
>> To: oisf-users at openinfosecfoundation.org
>>
>> If you upgraded to latest suricata git + latest PF_RING you should
>> get accurate received/dropped counters for cluster modes, if anybody
>> is interested...
>>
>> Regards,
>>
>> Will
>>
>
> Best Wishes,
> Chris
>
> --
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
>


