[Snort-devel] No stats

Martin Olsson elof at ...969...
Thu May 15 05:57:07 EDT 2003


Why have all the nice information and statistics been removed from snort
v2.0.0?

When running 1.9.x in test-mode (-T), you got a lot of useful information
about the snort-configuration. In v2.0.0 you get way less information,
which is bad.

Also, when you kill the snort process, v1.9.1 logged some nice statistics.
In v2.0.0 they are all gone. This too is bad.


Could we please have the stats back?


v1.9.1:
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 0
    Self preservation period: 0
    Suspend threshold: 0
    Suspend period: 0
Stream4_reassemble config:
    Server reassembly: ACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Ports: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ...
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Conversation Config:
   KeepStats: 0
   Conv Count: 32000
   Timeout   : 60
   Alert Odd?: 0
   Allowed IP Protocols:  All
Portscan2 config:
    log: /snort/log/snort.portscan
    scanners_max: 3200
    targets_max: 5000
    target_limit: 25
    port_limit: 100
    timeout: 60
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = sentor
database: password is set
database: database name = snort
database:          host = 10.1.2.3
database:   sensor name = sensor-08
database:     sensor id = 11
database: schema version = 106
database: using the "log" facility
1195 Snort rules read...
1195 Option Chains linked into 127 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: ->pass->activation->dynamic->alert->log->trapdb
        --== Initialization Complete ==--

v1.9.1 killed:
 snort: Snort analyzed 668289 out of 677025 packets,
 snort: dropping 8736(1.290%) packets
 snort: Breakdown by protocol:                Action Stats:
 snort:     TCP: 658135     (97.210%)         ALERTS: 15
 snort:     UDP: 403        (0.060%)          LOGGED: 15
 snort:    ICMP: 32         (0.005%)          PASSED: 29
 snort:     ARP: 116        (0.017%)
 snort:   EAPOL: 0          (0.000%)
 snort:    IPv6: 0          (0.000%)
 snort:     IPX: 0          (0.000%)
 snort:   OTHER: 765        (0.113%)
 snort: DISCARD: 0          (0.000%)
 snort: =======================================================================
 snort: Wireless Stats:
 snort: Breakdown by type:
 snort:     Management Packets: 0          (0.000%)
 snort:     Control Packets:    0          (0.000%)
 snort:     Data Packets:       0          (0.000%)
 snort: =======================================================================
 snort: Fragmentation Stats:
 snort: Fragmented IP Packets: 0          (0.000%)
 snort:     Fragment Trackers: 0
 snort:    Rebuilt IP Packets: 0
 snort:    Frag elements used: 0
 snort: Discarded(incomplete): 0
 snort:    Discarded(timeout): 0
 snort:   Frag2 memory faults: 0
 snort: =======================================================================
 snort: TCP Stream Reassembly Stats:
 snort:         TCP Packets Used: 658135     (97.210%)
 snort:          Stream Trackers: 294
 snort:           Stream flushes: 191880
 snort:            Segments used: 464605
 snort:    Stream4 Memory Faults: 0
 snort: =======================================================================
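As an added example (not part of Martin's post and not Snort's own code), here is a small Python parser for the v1.9.1 shutdown summary quoted above. It recovers the packet, protocol and action counters from the syslog lines, recomputes the drop rate from the raw counts instead of trusting the printed percentage, and flags the conditions an operator cares about, since dropped packets are traffic the sensor never inspected. The sample input is a subset of the quoted output; the 1% drop-rate threshold and the function names are assumptions.

```python
import re
from typing import List

# Shutdown summary as Snort 1.9.1 wrote it to syslog in the post above
# (a subset of the quoted lines; the wireless block is omitted).
SNORT_SHUTDOWN_LOG = """\
 snort: Snort analyzed 668289 out of 677025 packets,
 snort: dropping 8736(1.290%) packets
 snort: Breakdown by protocol:                Action Stats:
 snort:     TCP: 658135     (97.210%)         ALERTS: 15
 snort:     UDP: 403        (0.060%)          LOGGED: 15
 snort:    ICMP: 32         (0.005%)          PASSED: 29
 snort:     ARP: 116        (0.017%)
 snort:   OTHER: 765        (0.113%)
 snort: DISCARD: 0          (0.000%)
 snort:   Frag2 memory faults: 0
 snort: TCP Stream Reassembly Stats:
 snort:         TCP Packets Used: 658135     (97.210%)
 snort:          Stream Trackers: 294
 snort:           Stream flushes: 191880
 snort:            Segments used: 464605
 snort:    Stream4 Memory Faults: 0
"""

ANALYZED_RE = re.compile(r"Snort analyzed (\d+) out of (\d+) packets")
DROPPED_RE = re.compile(r"dropping (\d+)\((\d+\.\d+)%\) packets")
# Frag2 prints "memory faults", Stream4 prints "Memory Faults"; match both.
MEMFAULT_RE = re.compile(r"(Frag2|Stream4) memory faults: (\d+)", re.IGNORECASE)
# Breakdown rows: "    TCP: 658135     (97.210%)         ALERTS: 15"; the trailing
# action column exists only on the first three rows, so it is optional here.
PROTO_RE = re.compile(
    r"^\s*snort:\s+([A-Z0-9]+): (\d+)\s+\((\d+\.\d+)%\)(?:\s+([A-Z]+): (\d+))?"
)


def parse_shutdown_stats(log: str) -> dict:
    """Turn the free-text shutdown summary into a dictionary of counters."""
    stats = {"protocols": {}, "actions": {}, "memory_faults": {}}
    for line in log.splitlines():
        m = ANALYZED_RE.search(line)
        if m:
            stats["analyzed"], stats["total"] = int(m.group(1)), int(m.group(2))
            continue
        m = DROPPED_RE.search(line)
        if m:
            stats["dropped"] = int(m.group(1))
            stats["reported_drop_pct"] = float(m.group(2))
            continue
        m = MEMFAULT_RE.search(line)
        if m:
            stats["memory_faults"][m.group(1)] = int(m.group(2))
            continue
        m = PROTO_RE.match(line)
        if m:
            stats["protocols"][m.group(1)] = int(m.group(2))
            if m.group(4):
                stats["actions"][m.group(4)] = int(m.group(5))
    return stats


def drop_rate_pct(stats: dict) -> float:
    """Drop rate recomputed from the raw counts, not from the printed percentage."""
    return 100.0 * stats["dropped"] / stats["total"]


def assess(stats: dict, max_drop_pct: float = 1.0) -> List[str]:
    """Flag conditions that put the sensor's detection coverage in doubt.

    max_drop_pct is an assumed operational threshold, not a Snort setting.
    """
    findings = []
    if stats["analyzed"] + stats["dropped"] != stats["total"]:
        findings.append("counters inconsistent: analyzed + dropped != total")
    rate = drop_rate_pct(stats)
    if rate > max_drop_pct:
        findings.append(
            f"drop rate {rate:.3f}% exceeds {max_drop_pct}%: that traffic was never inspected"
        )
    for engine, faults in stats["memory_faults"].items():
        if faults > 0:
            findings.append(f"{engine} reported {faults} memory faults: memcap too small for this link")
    return findings


if __name__ == "__main__":
    parsed = parse_shutdown_stats(SNORT_SHUTDOWN_LOG)
    print("protocol breakdown:", parsed["protocols"])
    print("action stats:", parsed["actions"])
    for finding in assess(parsed):
        print("WARNING:", finding)
```

Run against the quoted numbers, the recomputed rate (8736 of 677025) agrees with the printed 1.290%, and with the assumed 1% threshold the sensor is flagged because those dropped packets are a blind spot no rule can cover.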