Snort mailing list archives
Re: Enable perprofile
From: Abdullah AL-Mutairy <abohabeeb1412 () gmail com>
Date: Sun, 9 Apr 2017 11:13:50 +0300
thank you guys for help i will try as you have suggested. i appreciate your help! On Sun, Apr 9, 2017 at 3:06 AM, Joel Esler (jesler) <jesler () cisco com> wrote:
Also, the statements at the top of the Snort.conf are the recommended compile options. They have nothing to do with the Snort.conf itself. -- Sent from my iPhoneOn Apr 8, 2017, at 19:29, "wkitty42 () windstream net" <wkitty42 () windstream net> wrote:On 04/08/2017 06:23 PM, Abdullah AL-Mutairy wrote: Hello everyone! I was trying to enable performance profiling in snort 2.9.9. So i edit snort.conf and delete the "#" that comes before OPTIONS :--enbale-gre --enable-mpls .. etc.But when i validate the configurations i get an error.you don't need those for performance monitoring... maybe the one for --enable-perfprofiling but those are for building snort from source soyou needto rebuild with that option in place...How can i enable performance monitoring? I want to see details about cpu usage, number of signatures detected, and other details.you need to enable "preprocessor perfmonitor" in snort.conf... here's an example... there are six lines... the first line is a description... thenextfour are commented out examples... you only need one of the others tocreate thecsv file with the performance data in it... we use the last one here toget datawritten to the csv file every 5 minutes... # performance statistics. For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt10000# preprocessor perfmonitor: time 300 file /var/log/snort/snort.statspktcnt 10000# preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 10000 # preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1000 preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1 then there's these next two sections... the first for profiling rulesand thesecond for profiling the snort processors... # rules profiling # print worst 25 rules based on time spent in them... #config profile_rules: print all, sort total_ticks, filenamerules_stats.logconfig profile_rules: print 25, sort total_ticks, filenamerules_stats.log# preprocessor profiling # print worst 10 preprocessors based on time spent in them... config profile_preprocs: print 10, sort total_ticks, filenamepreprocs_stats.logplease read my signature below and keep responses *on the list*... donot replyto me in private... it will be ignored or followed up by support contract requirements... take the free assistance from the list while it isavailable ;)-- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latestSnort news! ------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Enable perprofile Abdullah AL-Mutairy (Apr 08)
- Re: Enable perprofile wkitty42 (Apr 08)
- Re: Enable perprofile Joel Esler (jesler) (Apr 08)
- Re: Enable perprofile Abdullah AL-Mutairy (Apr 09)
- Re: Enable perprofile Joel Esler (jesler) (Apr 08)
- Re: Enable perprofile wkitty42 (Apr 08)