[Oisf-users] Interpreting rule_perf.log
Charles DeVoe
scarecrow_57 at yahoo.com
Wed Oct 22 14:33:34 UTC 2014
When I examine the rule_perf.log I find that I am getting matches, but no alerts. This is a sample:

Num  Rule     Gid  Rev  Ticks    %     Checks  Matches  Max Ticks  Avg Ticks  Avg Match  Avg No Match
61   2018788  1    2    2744273  6.16  102     40       129136     26904.64   0.00       44262.47

I would think a match would generate at least one alert.
Also, I would expect the average match to be something more than 0.00.
Am I misinterpreting this file?