[Snort-users] Snort Statistics logging in Daemon Mode now working

dogbert at ...11664...
Fri Aug 6 14:00:01 EDT 2004


Hi All,

Thanks to user Sekure on this list and a URL reference from 2003:

http://www.pantek.com/library/general/lists/snort.org/snort-devel/msg00522.html

I inserted the following code per the URL:

Change in snort.c

    /* Print Statistics */
    if(!pv.test_mode_flag)
    {
        fpShowEventStats();
        DropStats(0);
    }

to

    /* Print Statistics */
    if(!pv.test_mode_flag)
    {
        fpShowEventStats();
        pv.quiet_flag = 0;
        DropStats(0);
        pv.quiet_flag = 1;
    }

and now I get this in my /var/log/messages :)

Aug  6 13:53:05 nermal snort: Snort initialization completed successfully 
Aug  6 13:53:30 nermal snort: ===============================================================================
Aug  6 13:53:30 nermal snort: Snort analyzed 8668 out of 8668 packets,
Aug  6 13:53:30 nermal snort: dropping 0(0.000%) packets
Aug  6 13:53:30 nermal snort: Breakdown by protocol:                Action Stats:
Aug  6 13:53:30 nermal snort:     TCP: 8535       (98.466%)         ALERTS: 0
Aug  6 13:53:30 nermal snort:     UDP: 118        (1.361%)          LOGGED: 0
Aug  6 13:53:30 nermal snort:    ICMP: 0          (0.000%)          PASSED: 0
Aug  6 13:53:30 nermal snort:     ARP: 0          (0.000%)
Aug  6 13:53:30 nermal snort:   EAPOL: 0          (0.000%)
Aug  6 13:53:30 nermal snort:    IPv6: 0          (0.000%)
Aug  6 13:53:30 nermal snort:     IPX: 0          (0.000%)
Aug  6 13:53:30 nermal snort:   OTHER: 15         (0.173%)
Aug  6 13:53:33 nermal snort: DISCARD: 0          (0.000%)
Aug  6 13:53:33 nermal snort: ===============================================================================
Aug  6 13:53:33 nermal snort: Wireless Stats:
Aug  6 13:53:33 nermal snort: Breakdown by type:
Aug  6 13:53:33 nermal snort:     Management Packets: 0          (0.000%)
Aug  6 13:53:33 nermal snort:     Control Packets:    0          (0.000%)
Aug  6 13:53:33 nermal snort:     Data Packets:       0          (0.000%)
Aug  6 13:53:33 nermal snort: ===============================================================================
Aug  6 13:53:33 nermal snort: Fragmentation Stats:
Aug  6 13:53:33 nermal snort: Fragmented IP Packets: 0          (0.000%)
Aug  6 13:53:33 nermal snort:     Fragment Trackers: 0
Aug  6 13:53:33 nermal snort:    Rebuilt IP Packets: 0
Aug  6 13:53:33 nermal snort:    Frag elements used: 0
Aug  6 13:53:33 nermal snort: Discarded(incomplete): 0
Aug  6 13:53:33 nermal snort:    Discarded(timeout): 0
Aug  6 13:53:33 nermal snort:   Frag2 memory faults: 0
Aug  6 13:53:33 nermal snort: ===============================================================================
Aug  6 13:53:33 nermal snort: TCP Stream Reassembly Stats:
Aug  6 13:53:33 nermal snort:         TCP Packets Used: 8535       (98.466%)
Aug  6 13:53:33 nermal snort:          Stream Trackers: 165
Aug  6 13:53:33 nermal snort:           Stream flushes: 0
Aug  6 13:53:33 nermal snort:            Segments used: 0
Aug  6 13:53:33 nermal snort:    Stream4 Memory Faults: 0
Aug  6 13:53:33 nermal snort: ===============================================================================
Aug  6 13:53:33 nermal snort: Final Flow Statistics 
Aug  6 13:53:33 nermal snort: Snort exiting 

Looks like the original poster in the URL was correct, that this
change got left out in the merge? (shrug)

Bill
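
An added example, not part of the original post and not Snort project code: once the shutdown statistics reach syslog as shown above, they can be parsed to flag sensor runs that lost packets. The function names, the 1.0% threshold and the second sample run are assumptions made for illustration.

```python
import re
# Syslog framing as it appears in the post: "Aug  6 13:53:30 nermal snort: <msg>"
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) snort(?:\[\d+\])?: ?(.*)$")
ANALYZED = re.compile(r"Snort analyzed (\d+) out of (\d+) packets")
DROPPED = re.compile(r"dropping (\d+)\(([\d.]+)%\) packets")
PROTO = re.compile(r"^\s*([A-Za-z0-9]+):\s+(\d+)\s+\(([\d.]+)%\)")  # one-word labels only

# Constructed sample: the first run reuses figures from the post, the second is invented.
SAMPLE = """\
Aug  6 13:53:30 nermal snort: Snort analyzed 8668 out of 8668 packets,
Aug  6 13:53:30 nermal snort: dropping 0(0.000%) packets
Aug  6 13:53:30 nermal snort:     TCP: 8535       (98.466%)         ALERTS: 0
Aug  6 13:53:30 nermal snort:     UDP: 118        (1.361%)          LOGGED: 0
Aug  6 13:53:33 nermal snort: Snort exiting
Aug  7 02:10:11 nermal snort: Snort analyzed 90000 out of 100000 packets,
Aug  7 02:10:11 nermal snort: dropping 10000(10.000%) packets
Aug  7 02:10:11 nermal snort:     TCP: 88000      (88.000%)         ALERTS: 3
Aug  7 02:10:12 nermal snort: Snort exiting
""".splitlines()

def parse_runs(lines):
    """Return one dict per shutdown statistics block found in the syslog lines."""
    runs, cur = [], None
    for line in lines:
        m = SYSLOG.match(line.rstrip())
        if not m:
            continue
        when, host, msg = m.groups()
        if a := ANALYZED.search(msg):
            cur = {"time": when, "host": host, "analyzed": int(a[1]), "total": int(a[2]),
                   "dropped": None, "drop_pct": None, "protocols": {}}
            runs.append(cur)
        elif cur is None:
            continue  # not inside a statistics block
        elif d := DROPPED.search(msg):
            cur["dropped"], cur["drop_pct"] = int(d[1]), float(d[2])
        elif "Snort exiting" in msg:
            cur = None  # block finished
        elif p := PROTO.match(msg):
            cur["protocols"][p[1]] = int(p[2])
    return runs

def unhealthy(runs, max_drop_pct=1.0):
    """Runs with a missing drop line, drops above the threshold, or unanalyzed packets."""
    return [r for r in runs if r["dropped"] is None
            or r["drop_pct"] > max_drop_pct or r["analyzed"] < r["total"]]

if __name__ == "__main__":
    print([(r["time"], r["drop_pct"]) for r in unhealthy(parse_runs(SAMPLE))])
```
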