Nice stats, Andrew! And Pete, thanks for spending so much time and effort to make it work so well, despite us beating on you because it doesn’t catch every spam campaign from the very first message! Sniffer has always been our number one tool in this battle.
Darin. From: Colbeck, Andrew Sent: Thursday, March 28, 2013 7:50 PM To: Message Sniffer Community Subject: [sniffer] How fast is *my* MessageSniffer? (was: IP Change on rulebase delivery system) Answer: pretty darn fast for a system that I think is slow anyway I think my MTA is a busy system, and I know that it’s not MessageSniffer that keeps the server busy. A glance with Task Manager or Process Explorer shows very little CPU time is spent by MessageSniffer. I threw some grepping etc and then Excel at the xml file for one average business day and came up with… 25% of messages are scanned within 100ms 50% of messages are scanned within 140ms 99% of messages are scanned within 330ms I also looked at the “setup time”. I’ll spare you the graph; my results are: 80% of messages are loaded so quickly that the time is recorded as zero ms 85% of messages are loaded in 15ms or fewer 95% of messages are loaded in 30ms or fewer 99% of messages are loaded 125ms or fewer Actually, everything above 98% of my volume takes longer to load but for ridiculously smaller volume of messages. A spot check shows that those are indeed rodents messages of unusual size. Thanks for the nudge, Pete. I knew MessageSniffer was fast, I just hadn’t bothered to quantify it before. Andrew. -----Original Message----- From: Message Sniffer Community [mailto:sniffer@sortmonster.com] On Behalf Of Pete McNeil Sent: Wednesday, March 27, 2013 2:43 PM To: Message Sniffer Community Subject: [sniffer] Re: IP Change on rulebase delivery system On 2013-03-27 17:16, Richard Stupek wrote: > The spikes aren't as prolonged at the present. Interesting. A short spike like that might be expected if the message was longer than usual, but on average SNF should be very light-weight. One thing you can check is the performance data in your logs. That will show how much time in cpu milleseconds it is taking for each scan and how long the scans are in bytes. This might shed some light. http://www.armresearch.com/support/articles/software/snfServer/logFiles/activityLogs.jsp Look for something like <p s='10' t='8' l='3294' d='84'/> in each scan. >From the documentation: > <s><p/></s> - Scan Performance Monitoring (performance='yes') p:s = > Setup time in milliseconds p:t = Scan time in milliseconds p:l = Scan > length in bytes p:d = Scan depth (peak evaluator count) > Best, _M -- Pete McNeil Chief Scientist ARM Research Labs, LLC www.armresearch.com 866-770-1044 x7010 twitter/codedweller ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics. For More information see http://www.armresearch.com To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>
<<image001.png>>
