[Snort-users] gigabit nic?

Matt Kettler mkettler at ...4108...
Tue Sep 10 15:06:04 EDT 2002


The kill should return to the cmd prompt and that is the correct 
commandline. On mine it nicely dumps stats to syslog. Are you running snort 
interactively instead of daemonized?


I get all of this dumped to syslog (leading parts of the lines 
removed to conceal machine name for my snort box)

    =========================================================================
  Snort analyzed 621505 out of 621505 packets,
  The kernel dropped 0(0.000%) packets
  Breakdown by protocol:                Action Stats:
      TCP: 597723     (96.173%)         ALERTS: 31
      UDP: 21734      (3.497%)          LOGGED: 7
     ICMP: 439        (0.071%)          PASSED: 0
      ARP: 2          (0.000%)
     IPv6: 0          (0.000%)
      IPX: 0          (0.000%)
    OTHER: 1598       (0.257%)
  DISCARD: 0          (0.000%)
  ===========================================================================

  Fragmentation Stats:
  Fragmented IP Packets: 15         (0.002%)
      Fragment Trackers: 6
     Rebuilt IP Packets: 6
     Frag elements used: 15
  Discarded(incomplete): 0
     Discarded(timeout): 0
    Frag2 memory faults: 0
  ===========================================================================
  TCP Stream Reassembly Stats:
          TCP Packets Used: 597723     (96.173%)
           Stream Trackers: 14449
            Stream flushes: 15953
             Segments used: 27598
     Stream4 Memory Faults: 0
  ===========================================================================


At 05:58 PM 9/10/2002 -0400, Sheahan, Paul (PCLN-NW) wrote:
>Thanks for the info. I tried "kill -SIGUSR1 <snortpid#>" and it returned to
>the shell prompt. I then did a tail on /var/log/messages, but no stats were
>there. Anything I might be doing wrong?
>
>Thanks again
>
>
>-----Original Message-----
>From: Matt Kettler [mailto:mkettler at ...4108...]
>Sent: Tuesday, September 10, 2002 5:24 PM
>To: Sheahan, Paul (PCLN-NW); Snort List (E-mail)
>Subject: RE: [Snort-users] gigabit nic?
>
>
>Send snort a SIGUSR1 with kill then check your syslog.
>
>This will dump the statistics including the number of packets, the #
>analyzed and the # dropped into syslog without stopping snort.
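
The check described in this thread, as an added example that is not part of the original messages: a shell helper that pulls the analyzed/received/dropped counts out of the syslog stats dump and flags packet loss. The function names, the `SNORT_PID` placeholder, the zero-drop threshold and the sample syslog lines (host name, `snort:` tag, second sample's numbers) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read Snort's SIGUSR1 stats dump from syslog.
# On the sensor, per the thread:  kill -SIGUSR1 "$SNORT_PID"   (placeholder PID)
# then:  tail -n 200 /var/log/messages | snort_drops_ok 0

# Print "analyzed received dropped" for the last stats dump found on stdin.
# Exit status 1 if no complete dump is present (e.g. nothing reached syslog).
snort_drop_stats() {
    awk '
        /Snort analyzed [0-9]+ out of [0-9]+ packets/ {
            for (i = 1; i <= NF; i++)
                if ($i == "analyzed") { a = $(i + 1); r = $(i + 4); sa = 1 }
        }
        /The kernel dropped [0-9]+/ {
            for (i = 1; i <= NF; i++)
                if ($i == "dropped") { d = $(i + 1); sub(/\(.*/, "", d); sd = 1 }
        }
        END { if (!(sa && sd)) exit 1; print a, r, d }
    '
}

# Return 0 when every received packet was analyzed and kernel drops <= MAX
# (default 0). Return 2 when no dump was found. The threshold is an assumption.
snort_drops_ok() {
    max=${1:-0}
    stats=$(snort_drop_stats) || return 2
    set -- $stats
    [ "$1" -eq "$2" ] && [ "$3" -le "$max" ]
}

# Constructed syslog lines; host name and "snort:" tag are made up.
SAMPLE_OK='Sep 10 15:00:01 sensor1 snort: Snort analyzed 621505 out of 621505 packets,
Sep 10 15:00:01 sensor1 snort: The kernel dropped 0(0.000%) packets'
SAMPLE_LOSS='Sep 10 16:00:01 sensor1 snort: Snort analyzed 998800 out of 1000000 packets,
Sep 10 16:00:01 sensor1 snort: The kernel dropped 1200(0.120%) packets'

for s in "$SAMPLE_OK" "$SAMPLE_LOSS"; do
    if printf '%s\n' "$s" | snort_drops_ok 0; then
        echo "sensor keeping up"
    else
        echo "packet loss or missing dump: $(printf '%s\n' "$s" | snort_drop_stats)"
    fi
done
```

A return status of 2 from `snort_drops_ok` means no dump was found in the input, which is the situation the quoted message describes.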




