[Snort-users] performance monitoring

Erik Fichtner emf at ...367...
Sat May 29 12:22:03 EDT 2004


On Sat, May 29, 2004 at 01:39:01AM -0700, nt wrote:
> I am outputting the performance monitoring to a file and I would like to
> know what each column represents. Does anyone know? I plan on parsing and
> displaying it in a web page.
> Below is the output.
>  
> 1085819494,0.000,3.6,0.3,0.9,661,117.54,9.0,7.7,8.9,8.9,159,555,55.8,0,59,0.0,0.0,0.0,0.0,0,0,4.7,0.9,94.4


make_snortperf_rrd.sh:


#!/bin/sh

# Example input line:
# 1085604455,0.000,73.9,0.4,21.9,430,80.60,1340.4,1348.7,257.0,2399.7,991.5,967.7,24525,40918,0.0,0,1,0.3,0.5,0.2,0.2,60,0,23.4,3.4,73.3
#
# 1. epoch seconds,             [1085604455]
# 2. %packets dropped,          [0.000]
# 3. MBits/sec,                 [73.9]
# 4. alerts/sec,                [0.4]
# 5. kpkts/sec,                 [21.9]
# 6. avg bytes/pkt,             [430]
# 7. %bytes pattern matched,    [80.60]
# 8. syns/sec                   [1340.4]
# 9. synacks/sec                [1348.7]
# 10. rsts/sec                  [257.0]     (only in emf's patch to 2.1.3rc1)
# 11. fins/sec                  [2399.7]    (only in emf's patch to 2.1.3rc1)
# 12. new-sessions/sec          [991.5]     (from preprocessor stream4)
# 13. del-sessions/sec          [967.7]     ..
# 14. total sessions open       [24525]     ..
# 15. max sessions              [40918]     ..
# 16. stream flushes/sec        [0.0]       ..
# 17. stream faults/sec         [0]         ..
# 18. stream timeouts           [1]         ..
# 19. fragcompletes/sec         [0.3]       (from preprocessor frag2)
# 20. fraginserts/sec           [0.5]       ..
# 21. fragdeletes/sec           [0.2]       ..
# 22. fragflushes/sec           [0.2]       ..
# 23. frag timeouts             [60]        ..
# 24. frag faults               [0]         ..
# 25. %user CPU usage           [23.4]
# 26. %sys CPU usage            [3.4]
# 27. %idle CPU usage           [73.3] 


if [ x"$1" = x"" ] ; then
        echo "Usage:  $0 [sensorname]";
        exit 128
else

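# One data source per stats column after the timestamp; quote the name so a
# sensor name containing spaces stays a single argument.
rrdtool create "snortperf_${1}.rrd" --step 60 --start 01/01/2002 \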
 DS:pct_pkts_dropped:GAUGE:180:U:U \
 DS:mbits_sec:GAUGE:180:U:U \
 DS:alerts_sec:GAUGE:180:U:U \
 DS:kpkts_sec:GAUGE:180:U:U \
 DS:avg_bytes_pkt:GAUGE:180:U:U \
 DS:pct_bytes_matched:GAUGE:180:U:U \
 DS:syn:GAUGE:180:U:U \
 DS:synack:GAUGE:180:U:U \
 DS:rst:GAUGE:180:U:U \
 DS:fin:GAUGE:180:U:U \
 DS:new_sessions_sec:GAUGE:180:U:U \
 DS:del_sessions_sec:GAUGE:180:U:U \
 DS:total_sessions_open:GAUGE:180:U:U \
 DS:max_sessions:COUNTER:180:U:U \
 DS:streamflushes_sec:GAUGE:180:U:U \
 DS:streamfaults_sec:GAUGE:180:U:U \
 DS:stream_timeouts:GAUGE:180:U:U \
 DS:fragcompletes_sec:GAUGE:180:U:U \
 DS:fraginserts_sec:GAUGE:180:U:U \
 DS:fragdeletes_sec:GAUGE:180:U:U \
 DS:fragflushes_sec:GAUGE:180:U:U \
 DS:frag_timeouts:GAUGE:180:U:U \
 DS:frag_faults:GAUGE:180:U:U \
 DS:user_CPU:GAUGE:180:U:U \
 DS:sys_CPU:GAUGE:180:U:U \
 DS:idle_CPU:GAUGE:180:U:U \
 RRA:AVERAGE:0:1:10080 \
 RRA:AVERAGE:0:60:4320

fi






-- 
Erik Fichtner
Principal Engineer, Information Security, ServerVault Corp.
703-652-5900
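An added example, not part of the original message: a shell function that turns one perfmonitor line into the `timestamp:value:...` argument for `rrdtool update` against the 26 data sources created above. It assumes a stock (unpatched) line has the same layout minus columns 10 and 11, which matches the 25-field sample in the question; the function name `perf_to_rrd`, the sensor name and the stats path are hypothetical.

```shell
#!/bin/sh
# Added example: build the "rrdtool update" argument for one stats line.
# Field 1 (epoch seconds) is the timestamp; fields 2.. map onto the DS list
# in make_snortperf_rrd.sh in the same order.

# perf_to_rrd LINE -> prints "epoch:v2:...:v27"; returns 1 on malformed input.
perf_to_rrd() {
    printf '%s\n' "$1" | awk -F, '
    {
        # 27 fields: layout with rsts/sec and fins/sec (patched build).
        # 25 fields: assumed stock layout without those two columns.
        if (NF != 27 && NF != 25) exit 1

        # Accept only plain non-negative decimals, so nothing unexpected
        # from the stats file reaches the rrdtool command line.
        for (i = 1; i <= NF; i++)
            if ($i !~ /^[0-9]+(\.[0-9]+)?$/) exit 1

        out = $1
        for (i = 2; i <= NF; i++) {
            out = out ":" $i
            # Stock layout: after synacks/sec (field 9) fill the rst and
            # fin data sources with U, which rrdtool stores as unknown.
            if (NF == 25 && i == 9) out = out ":U:U"
        }
        print out
    }'
}

# Constructed usage (placeholder sensor name and path):
#   tail -n 1 /path/to/snort.stats | while IFS= read -r line; do
#       arg=$(perf_to_rrd "$line") && rrdtool update "snortperf_sensor1.rrd" "$arg"
#   done
```

Lines that fail the field-count or numeric check are skipped rather than written, so a truncated line leaves a gap in the RRD instead of shifted columns.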



