[Oisf-users] detect engine stats
Victor Julien
lists at inliniac.net
Fri Jul 5 09:20:17 UTC 2013
On 07/05/2013 02:04 AM, Theodore Elhourani wrote:
> My question was about the detect threads. Is it reasonable to assume
> that if N packets were decoded then N packets are scanned by the detect
> threads (matched against rules)?

Yes. There are a few cases where we bypass the detection engine, mostly
when we know the traffic is encrypted and in the encrypted phase of the
connection (ssh/ssl/tls).

If you want detailed statistics you can check the profiling options;
enable them by passing --enable-profiling to configure.

Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------