Re: send snort a signal to output stats

[Marcin Dulak <marcin.dulak () gmail com>]

USR1 should cause snort to write some statistics into the main output log,
starting with

*** Caught Dump Stats-Signal
===============================================================================
Memory usage summary:
...

If you have the profiling information configured, then restarting
snort daemon should create the files with additional information
(see
http://blog.qualtechsoftware.com/2011/10/use-profiling-to-improve-snort-performance/
and https://netsecsupport.wordpress.com/):

###################################################
# Configure Perf Profiling for debugging
# For more information see README.PerfProfiling
###################################################

config profile_rules: print all, sort avg_ticks, filename profile_rules.out
append
config profile_preprocs: print all, sort avg_ticks, filename
profile_preprocs.out append


Marcin


On Fri, May 12, 2017 at 4:43 PM, Charlie Dyer <charlierwdyer () gmail com>
wrote:

> Hi
>
> Thanks for that, it doesn't return anything, do I have to compile snort in
> a certain way to enable this functionality?
> What stats are dumped when it does work?
>
> Many thanks
>
> On Fri, May 12, 2017 at 2:52 PM, Marcin Dulak <marcin.dulak () gmail com>
> wrote:
>
> > try: kill -USR1 `pidof snort`
> >
> > Marcin
> >
> > On Fri, May 12, 2017 at 3:28 PM, Charlie Dyer <charlierwdyer () gmail com>
> > wrote:
> >
> > > Hello list
> > >
> > > Is there a signal you can send to snort whilst its running that will
> > > output
> > > current traffic stats?
> > >
> > > Many thanks
> > >
> > > Charles
> > > ------------------------------------------------------------
> > > ------------------
> > > Check out the vibrant tech community on one of the world's most
> > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > > Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!