[Snort-devel] Status alert

Martin Olsson elof at ...969...
Tue Feb 3 04:01:12 EST 2004


Hi guys.

I got an idea...

If you send a SIGUSR2 signal to the snort process it should generate an
alert. This way you can test and see that your snort system is up and
running.

I can't generate this kind of "status alert" manually.
* The monitoring interface is listening on a customer's internal net
* The monitoring interface have no IP-address
* I'm not allowed to generate any kind of traffic from the sensor on the
  monitored net

I want to manually force the snort process to generate a "status alert"
to check that the whole chain from the snort to the mysql-server and ACID
is working properly.


If SIGUSR2 is already in use or is reserved, then maybe the alert could be
sent if you send two SIGUSR1 within 0.5 seconds?


Maybe the alert could contain a virtual packet whos payload contain the
current statistics (dropped packets, frag stats, stream stats, etc)?

/Martin





More information about the Snort-devel mailing list