Re: snort perf monitoring

[Matt Kettler <mkettler () evi-inc com>]

John Hally wrote:
> Hello All,
>
>  
>
> I was wondering how I would go about monitoring the performance of the
> snort process.  I think I've successfully implemented PF_RING and I
> guess I'm looking for proof that it's working the way I think it is.  I
> currently have Ntop running using the PF_RING libpcap and it looks like
> it's performing well based on its built in perf stats on dropped packets
> by pcap or the ntop process.  I'm just not sure if there's an easy way
> to do the same with snort.  Is there possibly an snmp hook into the
> process where I could grab stats using an mrtg/cricket like app.

send it snort a kill -USR1 and it will dump packet stats to syslog.

Either that or if you run snort in console mode (non-daemon) it will print them
when you ctrl-c to exit.


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users