Re: Snort Statistics on Shutdown

[Martin Roesch <roesch () sourcefire com>]

Yeah, we could do that...

On Aug 5, 2004, at 1:36 PM, Esler, Joel - Contractor wrote:

> Yeah I would love to see this in some type of standard outputting
> format.  Dumping a file in your -l directory if snort is killed or if 
> it
> is stopped would be awesome.
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of sekure
> Sent: Thursday, August 05, 2004 11:31 AM
> To: Martin Roesch
> Cc: Bill Parker; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort Statistics on Shutdown
>
>
> I think what happens is that Snort dumps those stats to stdout, at 
> least
> that has been my experience.  So if Snort is running in daemon mode 
> when
> its killed, you don't get the stats in you syslog.
>
> On Thu, 5 Aug 2004 11:05:54 -0400, Martin Roesch 
> <roesch () sourcefire com>
> wrote:
> > Hi Bill,
> >
> > I just checked the code and the DropStats() function is calling
> > LogMessage() to output its info so they should be somewhere in your
> > syslog files.  You aren't reading a pcap file in daemon mode, are you?
> >
> >      -Marty
> >
> >
> >
> > On Aug 4, 2004, at 11:59 PM, Bill Parker wrote:
> >
> > > Ok, now that I have the pig at version 2.1.3, I was curious about
> > > another thing.  I run snort in daemon mode and start/stop it with
> > > the init script provided (no problems at all), but I was under the
> > > impression that snort when it shuts down, should generate some stats
>
> > > as to how many packets were processed, etc.  I see the snort startup
> > > in /var/log/messages, should I not see stuff in there when it shuts
> > > down?
> > >
> > > Bill
> > --
> > Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
> > Sourcefire: Intelligent Security Monitoring roesch () sourcefire com -
> > http://www.sourcefire.com
> > Snort: Open Source Network IDS - http://www.snort.org
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by OSTG. Have you noticed the changes
> > on Linux.com, ITManagersJournal and NewsForge in the past few weeks?
> > Now, one more big change to announce. We are now OSTG- Open Source
> > Technology Group. Come see the changes on the new OSTG site.
> > www.ostg.com _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by OSTG. Have you noticed the changes on
> Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
> one more big change to announce. We are now OSTG- Open Source 
> Technology
> Group. Come see the changes on the new OSTG site. www.ostg.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users