[Snort-users] How to know if snort is dropping packets

Marc-Andre Hamelin mhamelin at ...1801...
Tue Oct 30 09:40:02 EST 2001


Hi all,

Anyone as a way to know in real time if snort is dropping packets without
having to stop the processes and restart them ?
Also, how about when the processes are running in daemon mode ?

I have a box that runs many snort processes in daemon mode and logs on a
central server with mysql+acid; sometime the load becomes very high on the
sensor, so I'd like to make sure snort isn't dropping packets.

Up until now, I just made some tests by starting the processes manually
without the -D option ,and let them ran for a while. But it's not really
useful if the network traffic is not peaking during my tests.

Thanks

Marc




More information about the Snort-users mailing list