[Snort-users] Snort Packet Stats

Martin Roesch roesch at ...1935...
Thu Jan 10 13:41:06 EST 2002


Send the snort PID a SIGUSR1 and it'll dump stats to the console
(console mode) or syslog (daemon mode).

     -Marty

Matt Jonkman wrote:
> 
> We're working on our own homegrown snort back-end and want to really
> concentrate on having detailed live and trending stats for each sensor.
> 
> Is there a way to get the stats that snort dumps when you ^C a non-daemon
> instance when you are running as a daemon? If not is there another source of
> the running stats we can grab and trend?
> 
> Thanks
> 
> Matt
> 
> I.e., these stats:
> 
> ===============================================================================
> Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets
> 
> Breakdown by protocol:                Action Stats:
>     TCP: 2494       (41.332%)         ALERTS: 0
>     UDP: 108        (1.790%)          LOGGED: 0
>    ICMP: 0          (0.000%)          PASSED: 0
>     ARP: 0          (0.000%)
>    IPv6: 0          (0.000%)
>     IPX: 0          (0.000%)
>   OTHER: 102        (1.690%)
> DISCARD: 0          (0.000%)
> ===============================================================================
> Fragmentation Stats:
> Fragmented IP Packets: 0          (0.000%)
>     Fragment Trackers: 0
>    Rebuilt IP Packets: 0
>    Frag elements used: 0
> Discarded(incomplete): 0
>    Discarded(timeout): 0
>   Frag2 memory faults: 0
> ===============================================================================
> TCP Stream Reassembly Stats:
>         TCP Packets Used: 0          (0.000%)
>          Stream Trackers: 0
>           Stream flushes: 0
>            Segments used: 0
>    Stream4 Memory Faults: 0
> ===============================================================================
> Snort received signal 2, exiting

--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org
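
Added example, not part of the original thread and not Snort's own code: one way to trend the counters from a SIGUSR1 dump, by parsing the stats format quoted above into a flat dict per dump. The syslog prefix layout in the sample, the pidfile argument and the function names are assumptions.

```python
import os
import re
import signal

# Constructed sample: the dump format quoted in the message above, with a
# syslog-style prefix assumed for daemon mode (the prefix layout is an assumption).
SAMPLE = """\
Jan 10 13:40:01 sensor1 snort[812]: Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets
Jan 10 13:40:01 sensor1 snort[812]: Breakdown by protocol:                Action Stats:
Jan 10 13:40:01 sensor1 snort[812]:     TCP: 2494       (41.332%)         ALERTS: 0
Jan 10 13:40:01 sensor1 snort[812]:     UDP: 108        (1.790%)          LOGGED: 0
Jan 10 13:40:01 sensor1 snort[812]:    ICMP: 0          (0.000%)          PASSED: 0
Jan 10 13:40:01 sensor1 snort[812]:   OTHER: 102        (1.690%)
Jan 10 13:40:01 sensor1 snort[812]: Fragmented IP Packets: 0          (0.000%)
Jan 10 13:40:01 sensor1 snort[812]:    Stream4 Memory Faults: 0
"""

PREFIX = re.compile(r"^.*?snort(?:\[\d+\])?: ")          # optional syslog header
SUMMARY = re.compile(r"Snort analyzed (\d+) out of (\d+) packets, dropping (\d+)")
COUNTER = re.compile(r"([A-Za-z][\w() ]*?):\s+(\d+)\b")  # "TCP: 2494", "ALERTS: 0"

def request_dump(pidfile):
    """Ask a running Snort for a stats dump (SIGUSR1, per the reply above)."""
    with open(pidfile) as fh:
        os.kill(int(fh.read().strip()), signal.SIGUSR1)

def parse_dump(text):
    """Turn one stats dump into a flat dict of counters for trending."""
    stats = {}
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)   # no-op on console output without a prefix
        m = SUMMARY.search(line)
        if m:
            stats["analyzed"], stats["received"], stats["dropped"] = map(int, m.groups())
            continue
        # A line can carry two counters side by side (protocol and action columns).
        for name, value in COUNTER.findall(line):
            stats[name.strip()] = int(value)
    if stats.get("received"):
        # Recompute the drop rate so it can be alerted on as a number.
        stats["drop_pct"] = round(100.0 * stats["dropped"] / stats["received"], 3)
    return stats

if __name__ == "__main__":
    for key, value in parse_dump(SAMPLE).items():
        print(f"{key}: {value}")
```

A rising `drop_pct` between dumps means the sensor is missing traffic, so it is worth trending alongside the alert counters.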