Packet Configuration Options
max-pkt-time <micro-secs>
- enables packet latency thresholding using 'micro-secs' as the limit.
- default is 0 (packet latency thresholding disabled)
- reasonable starting defaults: 100/250/1000 for 1G/100M/5M nets
fastpath-expensive-packets
- enables stopping further inspection of a packet if the max time is
exceeded
- default is off
pkt-log
- enables logging of a packet event if the packet exceeds max-pkt-time
- default is no logging
- if no option is given for 'pkt-log', 'pkt-log log' is implied
- the log option enables output to syslog or console depending
upon snort configuration
debug-pkts
- enables per packet timing stats to be printed after each packet
- default is off
Rule Configuration Options
max-rule-time <micro-secs>
- enables rule latency thresholding using 'micro-secs' as the limit.
- default is 0 (rule latency thresholding disabled)
- reasonable starting defaults: 100/250/1000 for 1G/100M/5M nets
threshold <count>
- sets the number of cumulative rule time excesses before disabling
a rule
- default is 5
suspend-expensive-rules
- enables suspending rule inspection if the max rule time is exceeded
- default is off
suspend-timeout <seconds>
- rule suspension time in seconds
- default is 60 seconds
- set to zero to permanently disable expensive rules
rule-log [log] [alert]
- enables event logging output for rules
- default is no logging
- one or both of the options 'log' and 'alert' must be used with
'rule-log'
- the log option enables output to syslog or console depending
upon snort configuration
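An added example, not part of the Snort manual or the Snort code base: a small Python check that reads PPM settings and flags option combinations from the lists above that let packets or rules drop out of inspection without a log record. It assumes the options are written comma-separated on 'config ppm:' lines in snort.conf (a syntax not shown on this page); the finding names and the sample configuration are constructed for illustration.

```python
import re
# Option names and argument kinds, taken from the lists on this page.
PPM_OPTIONS = {
    "max-pkt-time": "int", "fastpath-expensive-packets": "flag",
    "pkt-log": "log", "debug-pkts": "flag", "max-rule-time": "int",
    "threshold": "int", "suspend-expensive-rules": "flag",
    "suspend-timeout": "int", "rule-log": "log",
}

def parse_ppm(conf_text):
    """Merge the options of every 'config ppm:' line into one dict."""
    opts = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*config\s+ppm\s*:\s*(.*)$", line.split("#", 1)[0])
        if not m:
            continue
        for item in filter(None, (p.strip() for p in m.group(1).split(","))):
            name, *args = item.split()
            if name not in PPM_OPTIONS:
                raise ValueError(f"unknown ppm option: {name}")
            kind = PPM_OPTIONS[name]
            if kind == "int":
                opts[name] = int(args[0])  # raises if missing or non-numeric
            else:
                opts[name] = set(args) if kind == "log" else True
    return opts

def audit_ppm(opts):
    """Flag settings that let inspection be skipped without a record."""
    findings = []
    pkt_on = opts.get("max-pkt-time", 0) > 0    # 0 = thresholding disabled
    rule_on = opts.get("max-rule-time", 0) > 0  # 0 = thresholding disabled
    if pkt_on and opts.get("fastpath-expensive-packets") and "pkt-log" not in opts:
        findings.append("PKT_FASTPATH_UNLOGGED")
    if rule_on and opts.get("suspend-expensive-rules"):
        if "rule-log" not in opts:
            findings.append("RULE_SUSPEND_UNLOGGED")
        if opts.get("suspend-timeout", 60) == 0:  # page default is 60 seconds
            findings.append("RULE_SUSPEND_PERMANENT")
    rule_log = opts.get("rule-log")
    if rule_log is not None and not (rule_log and rule_log <= {"log", "alert"}):
        findings.append("RULE_LOG_NEEDS_LOG_OR_ALERT")
    return findings

SAMPLE = """# constructed sample for illustration, not a shipped snort.conf
config ppm: max-pkt-time 250, fastpath-expensive-packets
config ppm: max-rule-time 250, threshold 5, suspend-expensive-rules, suspend-timeout 0, rule-log
"""
if __name__ == "__main__":
    print(audit_ppm(parse_ppm(SAMPLE)))
```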
Eugene Misnik
2013-05-08