Snort mailing list archives

Snort PerfMonitor - IP-Flow behaviour


From: Dheeraj Gupta <dheeraj.gupta4 () gmail com>
Date: Tue, 4 Dec 2012 17:26:07 +0530

Hi,
I am trying to use snort's perfmonitor pre-processor to find out traffic
flowing between IP pairs.
Earlier I configured the perfmonitor to log everything to a file using

`preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 1000 max_file_size 100000`

And it worked fine. Stats were written after every 300 seconds (or
thereabout)

Now I need the ip-flow info in a separate file. So I use the following line

`preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 1000 max_file_size 100000 flow-ip flow-ip-file /var/log/snort/ipflow.csv flow-ip-memcap 10000000000`

Again the snort.stats file gets populated normally, but the ipflow.csv file
only updates when snort is stopped.
I think the manual clearly states that "These statistics are printed and
reset at the end of each interval.", so why are the IP Flow stats not
printed at the end of each interval? Am I doing something wrong?

Thanks