Snort mailing list archives
Re: Broken Kill USR1 Statistics
From: "Colin Grady" <colin.grady () gmail com>
Date: Thu, 24 Aug 2006 09:52:41 -0500
Thanks for the suggestion, Bill!

Colin Grady

On 8/24/06, Bill Parker <dogbert () netnevada net> wrote:

> ----- Original Message -----
> From: "Colin Grady" <colin.grady () gmail com>
> To: <snort-users () lists sourceforge net>
> Sent: Thursday, August 24, 2006 6:59 AM
> Subject: [Snort-users] Broken Kill USR1 Statistics
>
> > I've been trying to gather some statistics from the Snort process by sending the USR1 kill signal, but I'm seeing some weird behavior. This is Snort 2.6.0.1.
> >
> > First time using kill -USR1:
> >
> > Aug 24 08:51:32 Sensor snort[24795]: *** Caught Usr-Signal
> > Aug 24 08:51:32 Sensor snort[24795]: Snort received 7294740 packets
> > Aug 24 08:51:32 Sensor snort[24795]: Analyzed: 5628802(77.162%)
> > Aug 24 08:51:32 Sensor snort[24795]: Dropped: 1665920(22.837%)
> > Aug 24 08:51:32 Sensor snort[24795]: Outstanding: 18(0.000%)
> >
> > Second time using kill -USR1:
> >
> > Aug 24 08:51:40 Sensor snort[24795]: *** Caught Usr-Signal
> > Aug 24 08:51:40 Sensor snort[24795]: Snort received 200871 packets
> > Aug 24 08:51:40 Sensor snort[24795]: Analyzed: 5829688(2902.205%)
> > Aug 24 08:51:40 Sensor snort[24795]: Dropped: 0(0.000%)
> > Aug 24 08:51:40 Sensor snort[24795]: Outstanding:4289338479(2135369.750%)
>
> Strange, but if the snort team included the configure command --enable-timestats in 2.6.x (it's in 2.4.x), snort should produce statistics every 60 minutes to where you are normally logging snort stuff (usually /var/log/messages).
>
> This works without having to use KILL -USR1 (which is why I wrote the code in the first place) <shameless plug inserted here> :-)
>
> Bill
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
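A consistency check over the two statistics blocks quoted in the message above, as an added example that is not part of the thread or of Snort's code. It shows that the second Outstanding figure equals received - analyzed - dropped wrapped to an unsigned 32-bit value; the 32-bit width is inferred from the numbers, and `parse_blocks`, `check` and `audit` are names chosen here.

```python
import re

# Log lines copied from the two kill -USR1 outputs quoted in the message above.
SAMPLE = """\
Aug 24 08:51:32 Sensor snort[24795]: *** Caught Usr-Signal
Aug 24 08:51:32 Sensor snort[24795]: Snort received 7294740 packets
Aug 24 08:51:32 Sensor snort[24795]: Analyzed: 5628802(77.162%)
Aug 24 08:51:32 Sensor snort[24795]: Dropped: 1665920(22.837%)
Aug 24 08:51:32 Sensor snort[24795]: Outstanding: 18(0.000%)
Aug 24 08:51:40 Sensor snort[24795]: *** Caught Usr-Signal
Aug 24 08:51:40 Sensor snort[24795]: Snort received 200871 packets
Aug 24 08:51:40 Sensor snort[24795]: Analyzed: 5829688(2902.205%)
Aug 24 08:51:40 Sensor snort[24795]: Dropped: 0(0.000%)
Aug 24 08:51:40 Sensor snort[24795]: Outstanding:4289338479(2135369.750%)
"""
FIELD = re.compile(
    r"snort\[\d+\]: (?:Snort (received)|(Analyzed|Dropped|Outstanding):)\s*(\d+)")

def parse_blocks(text):
    """Return one dict of counters per 'Caught Usr-Signal' block."""
    blocks = []
    for line in text.splitlines():
        if "Caught Usr-Signal" in line:
            blocks.append({})
            continue
        m = FIELD.search(line)
        if m and blocks:
            blocks[-1][(m.group(1) or m.group(2)).lower()] = int(m.group(3))
    return blocks

def check(block):
    """Return a list of findings for one statistics block (empty if consistent)."""
    if not {"received", "analyzed", "dropped", "outstanding"} <= block.keys():
        return ["incomplete block"]
    findings = []
    diff = block["received"] - block["analyzed"] - block["dropped"]
    if block["analyzed"] > block["received"]:
        findings.append("analyzed exceeds received")
    # Assumption: the counter is unsigned 32-bit, so a negative result wraps.
    if diff < 0 and block["outstanding"] == diff % 2**32:
        findings.append("outstanding is a wrapped negative value (%d)" % diff)
    elif block["outstanding"] != diff:
        findings.append("outstanding != received - analyzed - dropped")
    return findings

def audit(text=SAMPLE):
    return [check(b) for b in parse_blocks(text)]

if __name__ == "__main__":
    for n, findings in enumerate(audit(), 1):
        print(n, findings or ["consistent"])
```

A sensor-health job can run the same check on each new statistics block and alert when a block is not consistent, since the drop percentage in such a block cannot be trusted.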
Current thread:
- Broken Kill USR1 Statistics Colin Grady (Aug 24)
- Re: Broken Kill USR1 Statistics Adam Keeton (Aug 24)
- Re: Broken Kill USR1 Statistics Bill Parker (Aug 24)
- Re: Broken Kill USR1 Statistics Colin Grady (Aug 24)