[Snort-users] Snort PID in /var/log/messages

Justin Heath justin.heath at ...11827...
Thu Feb 10 07:27:26 EST 2005


Try something like this as a workaround.

snort -v -d -e -i eth0 &
logger -p local0.info Snort started with pid $!


On Wed, 2 Feb 2005 11:36:41 +0900, Basselgia, Barry A Mr (NAF Atsugi)
<BABasselgia at ...12104...> wrote:
> Edin Dizdarevic wrote on Tuesday, February 01, 2005 9:47 PM:
> > I still do not _really_ understand what you are trying to achieve. :[
> > ....
> > --
> > Edin Dizdarevic
> 
> What I'm talking about is anything that snort sends to syslog;
> Initialization messages, Performance Stats, Errors, Alerts,...   Here is a
> sample:
> 
> Feb  2 11:17:14 snort snort: [1:399:6] ICMP Destination Unreachable Host
> Unreachable .....
> Feb  2 11:17:15 snort barnyard[9767]: Exiting
> Feb  2 11:17:15 snort barnyard[8881]: Exiting
> Feb  2 11:17:16 snort barnyard[7066]: Initializing daemon mode
> Feb  2 11:17:16 snort barnyard[7078]: Opened spool file
> '/var/log/snort/snort.log.1107285310'
> Feb  2 11:17:16 snort barnyard[7078]: Waiting for new data
> Feb  2 11:17:21 snort snort:   Snort Realtime Performance  : Wed Feb  2
> 11:17:21 2005 ----------
> Feb  2 11:17:21 snort snort: Pkts Recv:   241089
> Feb  2 11:17:21 snort snort: Pkts Drop:   0
> Feb  2 11:17:21 snort snort: % Dropped:   0.00%
> Feb  2 11:17:21 snort snort: KPkts/Sec:   0.80
> Feb  2 11:17:21 snort snort: Bytes/Pkt:   862
> Feb  2 11:17:21 snort snort: Mbits/Sec:   5.24 (wire)
> Feb  2 11:17:21 snort snort: Mbits/Sec:   0.27 (rebuilt)
> Feb  2 11:17:21 snort snort: Mbits/Sec:   5.51 (total)
> Feb  2 11:17:21 snort snort: PatMatch:    95.23%
> Feb  2 11:17:21 snort snort: CPU Usage:   20.88% (user)  0.71% (sys)  78.41%
> (idle)
> Feb  2 11:17:25 snort barnyard[7280]: Initializing daemon mode
> Feb  2 11:17:25 snort barnyard[7286]: Opened spool file
> '/var/log/snort/snort-bond0.log.1107285310'
> Feb  2 11:17:26 snort snort: [1:1437:6] MULTIMEDIA Windows Media download
> ......
> Feb  2 11:17:26 snort barnyard[7286]: Waiting for new data
> 
> From the above, I can tell which instance of Barnyard is doing what.  But, I
> have no way of knowing which instance of Snort generated the alerts or the
> performance stats.
> 
> Jeremy Hewlett responded that this request didn't get submitted in time for
> Snort 2.3.  But, they are considering it for Snort 2.4.  In the meantime
> I'll look through the code and see if I can figure out a patch.
> 
> Thanks,
> 
> Barry
> 
> 
>
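As an added illustration (not part of the thread), a small Python parser over syslog lines constructed from the excerpt above: it shows that barnyard entries carry a PID while snort entries do not, and picks up the PID announced by the logger workaround. The `root` tag on the logger line and PID 4242 are constructed values.

```python
"""Parse BSD-style syslog lines and report which programs log a PID.
Sample lines are constructed from the excerpt quoted in the thread."""
import re
from collections import defaultdict

# Layout: timestamp, host, program tag, optional [pid], colon, message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<msg>.*)$"
)

# Message produced by the workaround: logger -p local0.info Snort started with pid $!
PID_NOTE_RE = re.compile(r"Snort started with pid (\d+)")

# Constructed sample; the last line uses 'root' as logger's default tag and a made-up PID.
SAMPLE = """\
Feb  2 11:17:14 snort snort: [1:399:6] ICMP Destination Unreachable Host Unreachable
Feb  2 11:17:15 snort barnyard[9767]: Exiting
Feb  2 11:17:16 snort barnyard[7078]: Opened spool file '/var/log/snort/snort.log.1107285310'
Feb  2 11:17:21 snort snort: Pkts Recv:   241089
Feb  2 11:17:30 snort root: Snort started with pid 4242
""".splitlines()


def parse(line):
    """Return a dict with ts/host/prog/pid/msg, or None if the line is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def pid_report(lines):
    """Per program: set of PIDs seen and count of entries with no PID.
    Also collect PIDs announced via the logger workaround message."""
    report = defaultdict(lambda: {"with_pid": set(), "without_pid": 0})
    announced = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        note = PID_NOTE_RE.search(rec["msg"])
        if note:
            announced.add(int(note.group(1)))
        entry = report[rec["prog"]]
        if rec["pid"] is None:
            entry["without_pid"] += 1
        else:
            entry["with_pid"].add(rec["pid"])
    return dict(report), announced
```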



