[Snort-users] Snort Statistics on Shutdown

Martin Roesch roesch at ...1935...
Thu Aug 5 11:12:18 EDT 2004


Yeah, we could do that...

On Aug 5, 2004, at 1:36 PM, Esler, Joel - Contractor wrote:

> Yeah I would love to see this in some type of standard outputting
> format.  Dumping a file in your -l directory if snort is killed or if it
> is stopped would be awesome.
>
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of sekure
> Sent: Thursday, August 05, 2004 11:31 AM
> To: Martin Roesch
> Cc: Bill Parker; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort Statistics on Shutdown
>
>
> I think what happens is that Snort dumps those stats to stdout, at least
> that has been my experience.  So if Snort is running in daemon mode when
> it's killed, you don't get the stats in your syslog.
>
> On Thu, 5 Aug 2004 11:05:54 -0400, Martin Roesch <roesch at ...1935...>
> wrote:
>> Hi Bill,
>>
>> I just checked the code and the DropStats() function is calling
>> LogMessage() to output its info so they should be somewhere in your
>> syslog files.  You aren't reading a pcap file in daemon mode, are you?
>>
>>      -Marty
>>
>>
>>
>> On Aug 4, 2004, at 11:59 PM, Bill Parker wrote:
>>
>>> Ok, now that I have the pig at version 2.1.3, I was curious about
>>> another thing.  I run snort in daemon mode and start/stop it with
>>> the init script provided (no problems at all), but I was under the
>>> impression that snort when it shuts down, should generate some stats
>>> as to how many packets were processed, etc.  I see the snort startup
>>> in /var/log/messages, should I not see stuff in there when it shuts
>>> down?
>>>
>>> Bill
>>>
>> --
>> Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
>> Sourcefire: Intelligent Security Monitoring roesch at ...1935... -
>> http://www.sourcefire.com
>> Snort: Open Source Network IDS - http://www.snort.org
>>
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
