[Snort-users] statistics

Erek Adams erek at ...577...
Sat Sep 22 07:01:02 EDT 2001


On Fri, 21 Sep 2001, Greg Sarsons wrote:

> sort of a followup to a previous post about dumping to binary.
>
> When you collect data and then stop you get the statistics.  Now If I
> use cron to start and stop snort capture at midnight, compress the file,
> how can I get the statistics as to whether packets were dropped?

Send snort a SIGUSR1 then restart it.  From the snort man page

[...]
NOTES
     The following signals have the specified effect when sent to
     the daemon process using the kill(1) command:

     SIGHUP
          Causes the daemon to close all opened  files  and  res-
          tart.  Please note that this will only work if the full
          pathname is used to invoke snort in daemon mode, other-
          wise  snort  will just exit with an error message being
          sent to syslogd(8)

     SIGUSR1
          Causes the program to dump its current packet statisti-
          cal  information to the cosole or syslogd(8) if in dae-
          mon mode.

Remember man is your friend!  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list