[Snort-users] RE: [Snort-devel] Added Statistics Patch

Sean Brown sblinux at ...9344...
Mon Feb 21 16:11:22 EST 2005


I would like to see these types of stats exposed via SNMP.

----- Original Message -----
From: Claudio Mazzariello <claudio.mazzariello at ...13055...>
Date: Friday, February 18, 2005 7:04 am
Subject: [Snort-users] RE: [Snort-devel] Added Statistics Patch

> 
> Wouldn't it be useful if it reported the packet loss ratio too?
> 
> -----Original Message-----
> From:	dogbert at ...11664... [dogbert at ...11664...]
> Sent:	Thu 17/02/2005 23.34
> To:	snort-devel at lists.sourceforge.net
> Cc:	snort-users at lists.sourceforge.net
> Subject:	[Snort-devel] Added Statistics Patch
> 
> Hello everyone,
> 
>   I have made some patch files which give snort some real-time statistics
> information by use of calls to LogMessage and an hourly call via the alarm()
> function.  The tarball is an attachment to this email, btw.  This patch also
> produces an end total when snort exits out of daemon mode.
> 
> This tarball will modify three files in the Snort 2.3.0 Source Tree (snort.h,
> snort.c, and util.c) and produces output which looks like this in
> my /var/log/messages file:
> 
> Feb 17 10:29:12 nermal snort: Hourly Statistics Report
> Feb 17 10:29:12 nermal snort:
> Feb 17 10:29:12 nermal snort: Packet analysis time averages:
> Feb 17 10:29:12 nermal snort:
> Feb 17 10:29:12 nermal snort: Packets Received per hour is:      1270446
> Feb 17 10:29:12 nermal snort: Packets Received per minute is:      21174
> Feb 17 10:29:12 nermal snort: Packets Received per second is:       352
> Feb 17 10:29:12 nermal snort:
> Feb 17 11:00:31 nermal snort: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING {TCP} 12.169.250.2:2918 -> 172.21.2.175:80
> Feb 17 11:29:12 nermal snort:
> Feb 17 11:29:12 nermal snort: Hourly Statistics Report
> Feb 17 11:29:12 nermal snort:
> Feb 17 11:29:12 nermal snort: Packet analysis time averages:
> Feb 17 11:29:12 nermal snort:
> Feb 17 11:29:12 nermal snort: Packets Received per hour is:       750001
> Feb 17 11:29:12 nermal snort: Packets Received per minute is:      12500
> Feb 17 11:29:12 nermal snort: Packets Received per second is:       208
> Feb 17 11:29:12 nermal snort:
> Feb 17 12:29:12 nermal snort:
> Feb 17 12:29:12 nermal snort: Hourly Statistics Report
> Feb 17 12:29:12 nermal snort:
> Feb 17 12:29:12 nermal snort: Packet analysis time averages:
> Feb 17 12:29:12 nermal snort:
> Feb 17 12:29:12 nermal snort: Packets Received per hour is:       758315
> Feb 17 12:29:12 nermal snort: Packets Received per minute is:      12638
> Feb 17 12:29:12 nermal snort: Packets Received per second is:       210
> Feb 17 12:29:12 nermal snort:
> Feb 17 13:29:12 nermal snort:
> Feb 17 13:29:12 nermal snort: Hourly Statistics Report
> Feb 17 13:29:12 nermal snort:
> Feb 17 13:29:12 nermal snort: Packet analysis time averages:
> Feb 17 13:29:12 nermal snort:
> Feb 17 13:29:12 nermal snort: Packets Received per hour is:       761306
> Feb 17 13:29:12 nermal snort: Packets Received per minute is:      12688
> Feb 17 13:29:12 nermal snort: Packets Received per second is:       211
> Feb 17 13:29:12 nermal snort:
> Feb 17 14:29:12 nermal snort:
> Feb 17 14:29:12 nermal snort: Hourly Statistics Report
> Feb 17 14:29:12 nermal snort:
> Feb 17 14:29:12 nermal snort: Packet analysis time averages:
> Feb 17 14:29:12 nermal snort:
> Feb 17 14:29:12 nermal snort: Packets Received per hour is:       817858
> Feb 17 14:29:12 nermal snort: Packets Received per minute is:      13630
> Feb 17 14:29:12 nermal snort: Packets Received per second is:       227
> Feb 17 14:29:12 nermal snort:
> 
> If anyone has ideas for improvement, send me an email, or post the idea on the
> mailing list(s).
> 
> Bill
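An added sketch of the alarm()-driven report described in the thread, extended with the packet loss ratio suggested in the reply; it is not the code from the patch tarball, which is not reproduced here. Assumptions: the names `make_report`, `rx` and `dropped` are hypothetical, the handler only sets a flag that the capture loop polls, loss is defined as dropped / (received + dropped), and rates use truncating integer division, which reproduces the figures in the sample output above.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

static volatile sig_atomic_t report_due = 0;

/* Handler only sets a flag; syslog() and printf() are not async-signal-safe. */
static void on_alarm(int sig) { (void)sig; report_due = 1; }

struct report {
    uint64_t per_hour, per_min, per_sec;
    unsigned loss_bp;            /* drop ratio in basis points (1/100 %) */
};

/* rx/dropped: cumulative 32-bit counters; prev_*: values at the last report.
 * Unsigned subtraction keeps the delta correct across one counter wrap. */
struct report make_report(uint32_t rx, uint32_t dropped,
                          uint32_t prev_rx, uint32_t prev_dropped,
                          unsigned secs)
{
    struct report r = {0, 0, 0, 0};
    uint64_t got  = (uint32_t)(rx - prev_rx);
    uint64_t lost = (uint32_t)(dropped - prev_dropped);

    if (secs == 0)
        return r;                /* no interval elapsed, nothing to average */
    r.per_hour = got * 3600 / secs;
    r.per_min  = got * 60 / secs;
    r.per_sec  = got / secs;
    if (got + lost)
        r.loss_bp = (unsigned)(lost * 10000 / (got + lost));
    return r;
}

int main(void)
{
    uint32_t rx = 0;

    signal(SIGALRM, on_alarm);
    alarm(1);                    /* 1 s stands in for the hourly alarm(3600) */
    while (!report_due)
        rx++;                    /* stand-in for processing one packet */

    /* Constructed drop count: 1 in 1000 of the packets counted above. */
    struct report r = make_report(rx, rx / 1000, 0, 0, 1);
    printf("Packets Received per second is: %llu\n", (unsigned long long)r.per_sec);
    printf("Packet loss: %u.%02u%%\n", r.loss_bp / 100, r.loss_bp % 100);
    return 0;
}
```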