[Oisf-users] detect engine stats

Victor Julien lists at inliniac.net
Fri Jul 5 09:20:17 UTC 2013

On 07/05/2013 02:04 AM, Theodore Elhourani wrote:
> My question was about the detect threads. Is it reasonable to assume
> that if N packets were decoded then N packets are scanned by the detect
> threads (matched against rules)?

Yes. There are a few cases where we bypass the detection engine, mostly
when we know the traffic is encrypted and in the encrypted phase of the
connection (ssh/ssl/tls).

If you want detailed statistics you can check the profiling options,
enable them by passing --enable-profiling to configure.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list