[despammed] RE: [Snort-users] Offtopic - Snort packet stats

Ed McMan edmcman at ...2893...
Thu May 16 19:49:02 EDT 2002


Why not killall -10 snort
?
-------------------------------------------------------------
|Eddie J Schwartz <EdMcMan at ...2893...> http://www.m00.net|
|   AIM: The Cypher ICQ: 35576339 YHOO: edmcman2 MSN: ^^    |
| "We Trills have an expression--at forty, you think you    |
| know everything.  At four hundred, you realize you know   |
|         nothing." - Dax, Star Trek Deep Space 9           |
-------------------------------------------------------------
----- Original Message -----
From: <BShinn at ...4086...>
To: <bthaler at ...2720...>; <snort-users at lists.sourceforge.net>
Sent: Thursday, May 16, 2002 10:37 PM
Subject: [despammed] RE: [Snort-users] Offtopic - Snort packet stats


> Sending SIGUSER1 to snort will dump the stats to syslog while the program
> continues to run.
>
> While I am still learning how to do this...
>
> If one were to write a script that grabs the pid from snort, either from a
> pid file or from a grep of ps -A , then send kill -10 to that pid, snort
> will dump the running stats to syslog (/var/log/messages on my RH 7.2)....
>
> I also tried piping the output to a file as you did, but since it always
> dumps it to the syslog, not the terminal, I am thinking I need to parse
that
> some how.
>
> -----Original Message-----
> From: bthaler at ...2720... [mailto:bthaler at ...2720...]
> Sent: Thursday, May 16, 2002 3:30 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Offtopic - Snort packet stats
>
> Sorry if this is a bit off topic, but:
>
> I'm using kill -30 on my OBSD-3.0 system to view the packet stats that
snort
> generates.  I would like take this output and mail it to an email address,
> but I'm having no luck.  Here is what I have tried so far:
>
> kill -30 xxxx | mail -s "Snort Packet Stats" email at ...5892...
> kill -30 xxxx > snortstat.txt
> kill -30 xxxx | tee snortstat.txt
>
> Funny thing is, these work fine for sending other commands to a file or
> such, but not "kill" for some reason.






More information about the Snort-users mailing list