Snort mailing list archives
Re: Snort Check and Rules 'Best Practice'
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 14 Nov 2002 08:43:50 -0800 (PST)
On Thu, 14 Nov 2002, Derrick Lichti wrote:

> I'm wondering if there is a way to check and see how many packets Snort is dropping, if any, while it is still running. I think I might be losing packets but I'm not sure (i.e., when MSN Messenger was spammed last night, multiple users received messages and only one of them appeared in the Snort logs)!

Send snort a SIGUSR1 [0] and it'll dump stats and reload rules.

> And, I'm looking for the best way to update my rules but keep all the changes that I have made. I've seen Snortcenter, does it allow this? I've made many modifications to the rules themselves and I would like to avoid having to re-update everything individually.

Oinkmaster [1].

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

[0] http://marc.theaimsgroup.com/?l=snort-users&m=102534142722425&w=2 (at the very bottom)
[1] http://www.algonet.se/~nitzer/oinkmaster/