Sample Snort Startup Output
Packet Performance Monitor Config:
ticks per usec : 1600 ticks
max packet time : 50 usecs
packet action : fastpath-expensive-packets
packet logging : log
debug-pkts : disabled
Rule Performance Monitor Config:
ticks per usec : 1600 ticks
max rule time : 50 usecs
rule action : suspend-expensive-rules
rule threshold : 5
suspend timeout : 300 secs
rule logging : alert log
Sample Snort Run-time Output
...
PPM: Process-BeginPkt[61] caplen=60
PPM: Pkt[61] Used= 8.15385 usecs
PPM: Process-EndPkt[61]
PPM: Process-BeginPkt[62] caplen=342
PPM: Pkt[62] Used= 65.3659 usecs
PPM: Process-EndPkt[62]
PPM: Pkt-Event Pkt[63] used=56.0438 usecs, 0 rules, 1 nc-rules tested, packet fastpathed
(10.4.12.224:0 -> 10.4.14.108:54321).
PPM: Process-BeginPkt[63] caplen=60
PPM: Pkt[63] Used= 8.394 usecs
PPM: Process-EndPkt[63]
PPM: Process-BeginPkt[64] caplen=60
PPM: Pkt[64] Used= 8.21764 usecs
PPM: Process-EndPkt[64]
...
Sample Snort Exit Output
Packet Performance Summary:
max packet time : 50 usecs
packet events : 1
avg pkt time : 0.633125 usecs
Rule Performance Summary:
max rule time : 50 usecs
rule events : 0
avg nc-rule time : 0.2675 usecs