| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: Examples Up: Packet Performance Monitoring (PPM) Previous: Packet Performance Monitoring (PPM) Contents
Configuration
Packet Configuration Options
max-pkt-time <micro-secs>
- enables packet latency thresholding using 'micros-secs' as the limit.
- default is 0 (packet latency thresholding disabled)
- reasonable starting defaults: 100/250/1000 for 1G/100M/5M nets
fastpath-expensive-packets
- enables stopping further inspection of a packet if the max time is exceeded
- default is off
pkt-log
- enables logging packet event if packet exceeds max-pkt-time
- logging is to syslog or console depending upon snort configuration
- default is no logging
debug-pkts
- enables per packet timing stats to be printed after each packet
- default is off
Rule Configuration Options
max-rule-time <micro-secs>
- enables rule latency thresholding using 'micros-secs' as the limit.
- default is 0 (rule latency thresholding disabled)
- reasonable starting defaults: 100/250/1000 for 1G/100M/5M nets
threshold <count>
- sets the number of consecutive rule time excesses before disabling a rule
- default is 5
suspend-expensive-rules
- enables suspending rule inspection if the max rule time is exceeded
- default is off
suspend-timeout <seconds>
- rule suspension time in seconds
- default is 60 seconds
- set to zero to permanently disable expensive rules
rule-log [log] [alert]
- enables event logging output for rules
- default is no logging
- one or both of the options 'log' and 'alert' must be used with 'rule-log'
- the log option enables output to syslog or console depending upon snort configuration
Next: Examples Up: Packet Performance Monitoring (PPM) Previous: Packet Performance Monitoring (PPM) Contents Steven Sturges 2008-04-01
| site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |