mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
2.3 KiB
ReStructuredText
34 lines
2.3 KiB
ReStructuredText
Rule Profiling
|
|
==============
|
|
|
|
::
|
|
|
|
--------------------------------------------------------------------------
|
|
Date: 9/5/2013 -- 14:59:58
|
|
--------------------------------------------------------------------------
|
|
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
|
|
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
|
|
1 2210021 1 3 12037 4.96 1 1 12037 12037.00 12037.00 0.00
|
|
2 2210054 1 1 107479 44.26 12 0 35805 8956.58 0.00 8956.58
|
|
3 2210053 1 1 4513 1.86 1 0 4513 4513.00 0.00 4513.00
|
|
4 2210023 1 1 3077 1.27 1 0 3077 3077.00 0.00 3077.00
|
|
5 2210008 1 1 3028 1.25 1 0 3028 3028.00 0.00 3028.00
|
|
6 2210009 1 1 2945 1.21 1 0 2945 2945.00 0.00 2945.00
|
|
7 2210055 1 1 2945 1.21 1 0 2945 2945.00 0.00 2945.00
|
|
8 2210007 1 1 2871 1.18 1 0 2871 2871.00 0.00 2871.00
|
|
9 2210005 1 1 2871 1.18 1 0 2871 2871.00 0.00 2871.00
|
|
10 2210024 1 1 2846 1.17 1 0 2846 2846.00 0.00 2846.00
|
|
|
|
The meaning of the individual fields:
|
|
|
|
* Ticks -- total ticks spent on this rule, so a sum of all inspections
|
|
* % -- share of this single sig in the total cost of inspection
|
|
* Checks -- number of times a signature was inspected
|
|
* Matches -- number of times it matched. This may not have resulted in an alert due to suppression and thresholding.
|
|
* Max ticks -- single most expensive inspection
|
|
* Avg ticks -- per inspection average, so "ticks" / "checks".
|
|
* Avg match -- avg ticks spent resulting in match
|
|
* Avg No Match -- avg ticks spent resulting in no match.
|
|
|
|
The "ticks" are CPU clock ticks: http://en.wikipedia.org/wiki/CPU_time
|