[Snort-users] Snort Statistics on Shutdown

Esler, Joel - Contractor joel.esler at ...9426...
Thu Aug 5 10:37:06 EDT 2004


Yeah, I would love to see this in some type of standard outputting
format.  Dumping a file in your -l directory if Snort is killed or if it
is stopped would be awesome.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sekure
Sent: Thursday, August 05, 2004 11:31 AM
To: Martin Roesch
Cc: Bill Parker; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort Statistics on Shutdown


I think what happens is that Snort dumps those stats to stdout, at least
that has been my experience.  So if Snort is running in daemon mode when
it's killed, you don't get the stats in your syslog.

On Thu, 5 Aug 2004 11:05:54 -0400, Martin Roesch <roesch at ...1935...>
wrote:
> Hi Bill,
> 
> I just checked the code and the DropStats() function is calling
> LogMessage() to output its info so they should be somewhere in your 
> syslog files.  You aren't reading a pcap file in daemon mode, are you?
> 
>      -Marty
> 
> 
> 
> On Aug 4, 2004, at 11:59 PM, Bill Parker wrote:
> 
> > Ok, now that I have the pig at version 2.1.3, I was curious about 
> > another thing.  I run snort in daemon mode and start/stop it with 
> > the init script provided (no problems at all), but I was under the 
> > impression that snort when it shuts down, should generate some stats
> > as to how many packets were processed, etc.  I see the snort startup
> > in /var/log/messages, should I not see stuff in there when it shuts
> > down?
> >  
> > Bill
> >
> --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
> Sourcefire: Intelligent Security Monitoring roesch at ...1935... - 
> http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org


-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



