On 7/22/10 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
It might not be worth the cpu cycles
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
*| *SECNAP Network
On Thu, 22 Jul 2010 10:32:37 -0400
Eric A. Hall eh...@ntrg.com wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
behavior it seems that the rule is only guaranteed to fire if the
stored score for the tuple is significantly different than the
message score, or if
On 7/22/2010 11:24 AM, RW wrote:
I don't recall seeing anything like that. Are sure it's not due to the
IP address changing or AWL being short-circuited?
My testing is with local message files. If I use sa-awl to dump the
database I can see the counter increment, but the rule doesn't fire
On tor 22 jul 2010 16:47:21 CEST, Michael Scheidell wrote
On 7/22/10 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
well if running awl as it was 3.2.x then its wasting
On 7/22/2010 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list.
That's correct.
At the very least, The AWL is a score averager, so the first message
from a given From: and source IP combination cannot be AWLed. This
definitely will cause a no-show. You need an
On 7/22/2010 10:47 AM, Michael Scheidell wrote:
On 7/22/10 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
It might not be worth the cpu cycles
Slight Correction: The
On 7/22/2010 11:07 PM, Matt Kettler wrote:
On 7/22/2010 10:32 AM, Eric A. Hall wrote:
If the current code is intended, I'd like to request a new function call
that tells if the tuple exists and the number of times it has been seen
For what purpose? (Not trying to be mean, just asking,
