[Oisf-users] Drop rate
David Rodrigues
david.network.security at gmail.com
Wed Jan 5 15:13:02 UTC 2011
Hi all,
First, I would like to wish a happy new year to all.
I'm having some doubts about snort statistics. I'm testing Suricata in a
very high speed network and I would like to have statistics about
performance (e.g.: drop rate).
The drop rate I'm using is the one printed when Suricata exists. But this is
the Pcap statistics:
[10424] 5/1/2011 -- 15:21:14 - (source-pcap.c:429) <Info>
(ReceivePcapThreadExitStats) -- (ReceivePcap) Packets 24902042, bytes
14643147733
[10424] 5/1/2011 -- 15:21:14 - (source-pcap.c:437) <Info>
(ReceivePcapThreadExitStats) -- (ReceivePcap) Pcap Total:117734236
Recv:71318162 Drop:46416074 (39.4%).
Does it means that it only regards Pcap? For instance, if I have a 39 drop
rate does it means that Suricata analyzed 61% of the traffic? Or does it
means that Pcap captured 61% of the packet and Suricata can still drop more?
Anther question is: can I have drop statistics without shutting down
Suricata?
Thanks a lot,
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110105/2ef6b5f3/attachment-0002.html>
More information about the Oisf-users
mailing list