On 7/22/2010 11:07 PM, Matt Kettler wrote:
> On 7/22/2010 10:32 AM, Eric A. Hall wrote:
>> If the current code is intended, I'd like to request a new function call
>> that tells if the tuple exists and the number of times it has been seen
>
> For what purpose? (Not trying to be mean, just asking
On 7/22/2010 10:47 AM, Michael Scheidell wrote:
> On 7/22/10 10:32 AM, Eric A. Hall wrote:
>> Sometimes the AWL rule doesn't appear in the list. From looking at the
>>
> due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
>
> It might not be worth the cpu cycles
>
Slight Correcti
On 7/22/2010 10:32 AM, Eric A. Hall wrote:
> Sometimes the AWL rule doesn't appear in the list.
That's correct.
At the very least, The AWL is a score averager, so the first message
from a given From: and source IP combination cannot be AWLed. This
definitely will cause a no-show. You need an exist
On tor 22 jul 2010 16:47:21 CEST, Michael Scheidell wrote
On 7/22/10 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
well if running awl as it was 3.2.x then its wasting cpu
On 7/22/2010 11:24 AM, RW wrote:
> I don't recall seeing anything like that. Are sure it's not due to the
> IP address changing or AWL being short-circuited?
My testing is with local message files. If I use sa-awl to dump the
database I can see the counter increment, but the rule doesn't fire unl
On Thu, 22 Jul 2010 10:32:37 -0400
"Eric A. Hall" wrote:
>
> Sometimes the AWL rule doesn't appear in the list. From looking at the
> behavior it seems that the rule is only guaranteed to fire if the
> stored score for the tuple is significantly different than the
> message score, or if the stor
On 7/22/10 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
It might not be worth the cpu cycles
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network
Sometimes the AWL rule doesn't appear in the list. From looking at the
behavior it seems that the rule is only guaranteed to fire if the stored
score for the tuple is significantly different than the message score, or
if the stored tuple has a very high stored score. But if the stored score
and me
