[Snort-users] How to know if snort is dropping packets

Martin Roesch roesch at ...1935...
Tue Oct 30 16:15:03 EST 2001


Marc-Andre Hamelin wrote:
> 
> Hi all,
> 
> Anyone has a way to know in real time if snort is dropping packets without
> having to stop the processes and restart them?
> Also, how about when the processes are running in daemon mode ?

Send the Snort process a SIGUSR1, if it's running in daemon mode it
prints to syslog, if it's running on the console it'll print to that
display.

     -Marty



> I have a box that runs many snort processes in daemon mode and logs on a
> central server with mysql+acid; sometimes the load becomes very high on the
> sensor, so I'd like to make sure snort isn't dropping packets.
> 
> Up until now, I just made some tests by starting the processes manually
> without the -D option, and let them run for a while. But it's not really
> useful if the network traffic is not peaking during my tests.
> 
> Thanks
> 
> Marc

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org
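
The SIGUSR1 check described in the reply above, as an added example that is not part of the original post: one function signals every running Snort process, the others pick the drop counters out of the resulting syslog lines. The function names, the sample lines and the exact wording of the statistics line are assumptions; the wording differs between Snort versions, so adjust the pattern to what your sensor logs.

```shell
#!/bin/sh
# Constructed syslog lines. The statistics wording is an assumption and
# varies by Snort version; match it against your own sensor's output.
SAMPLE_LOG='Oct 30 16:20:01 sensor1 snort[412]: Snort analyzed 98000 out of 100000 packets, dropping 2000(2.000%) packets
Oct 30 16:20:01 sensor1 snort[413]: Snort analyzed 5000 out of 5000 packets, dropping 0(0.000%) packets'

# Ask every running Snort process to print its counters
# (to syslog in daemon mode, to the console otherwise).
signal_snort() {
    pkill -USR1 -x snort
}

# Read syslog lines on stdin; print "pid dropped percent" for each
# statistics line, so several daemons on one box can be told apart.
parse_drops() {
    sed -n 's/.*snort\[\([0-9]*\)\]: .*dropping \([0-9]*\)(\([0-9.]*\)%) packets.*/\1 \2 \3/p'
}

# Print the PIDs whose drop percentage exceeds the threshold ($1, default 0).
dropping_pids() {
    parse_drops | awk -v t="${1:-0}" '$3 + 0 > t + 0 { print $1 }'
}

# Demonstration on the constructed sample only; no signal is sent here.
printf '%s\n' "$SAMPLE_LOG" | dropping_pids 1
```

On a live sensor, call `signal_snort` from cron and feed the tail of the syslog file to `dropping_pids` in place of the sample.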
