[Snort-users] Re: Snort not logging all packets
jamesaffeld at ...131...
Tue Mar 8 11:30:34 EST 2005
Is Snort running at the same time as tcpdump? How
busy is the network and how busy is the box monitoring
If you have a sensor attached to a 100 megabit span
port on a switch with a 32 gigabit backplane, you
might well expect to miss a lot of packets.
If it's a Unix/Linux/BSD-based sensor, you can run top
to get the top 10 running processes and overall CPU
and memory usage.
> Message: 6
> Date: Mon, 7 Mar 2005 11:41:05 -0800 (PST)
> From: sEc nErD <umkcguy1978 at ...131...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort not logging all packets
> Content-Type: text/plain; charset=us-ascii
> Hi all,
> I am running Snort on a Fedora box and I started
> with a doubt that it is not logging all the packets.
> I checked it with tcpdump and when I stop tcpdump I
> see 90% of the packets being dropped by the kernel.
> When I look at /var/log/messages
> I see the below error for both sniffing interfaces
> OpenPcap() device eth0 network lookup: ^Ieth0: no
> IPv4 address assigned
> I checked the version of libpcap running; it is
> " libpcap-0.8.3-3 "
> Output of # uname -a
> Linux localhost.localdomain 2.6.5-1.358smp #1 SMP
> Sat May 8 09:25:36 EDT 2004 i686 i686 i386 GNU/Linux
> If anybody could help me on this I would really
> appreciate it.
> thanks all,
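
Added example, not part of either message above: a shell sketch that puts numbers on the two questions raised in the thread, how much tcpdump reports as "dropped by kernel" and whether the interface itself is dropping. The function names and all sample data are constructed for illustration; the only formats assumed are tcpdump's exit summary and Linux's /proc/net/dev.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from the thread.

# Percentage of filter-matched packets tcpdump reports as "dropped by kernel"
# (capture buffer full because the reader was too slow). Summary on stdin.
drop_pct() {
    awk '
        /packets received by filter/ { recv = $1 }
        /packets dropped by kernel/  { drop = $1 }
        END {
            if (recv == "" || drop == "") { print "unknown"; exit 1 }
            if (recv == 0) { print 0; exit 0 }
            printf "%d\n", (drop * 100) / recv
        }'
}

# Print "rx_packets rx_drop" for one interface from /proc/net/dev text on stdin.
iface_rx() {
    awk -v ifc="$1" '
        { sub(/:/, " ") }        # "eth0:5000" and "eth0: 5000" both occur
        $1 == ifc { print $3, $5; found = 1 }
        END { if (!found) exit 1 }'
}

# Print "packets_delta drop_delta" between two /proc/net/dev snapshots.
rx_delta() {   # usage: rx_delta IFACE "$before" "$after"
    b=$(printf '%s\n' "$2" | iface_rx "$1") || return 1
    a=$(printf '%s\n' "$3" | iface_rx "$1") || return 1
    set -- $b $a
    echo "$(( $3 - $1 )) $(( $4 - $2 ))"
}

# Constructed samples.
SAMPLE_TCPDUMP='2000 packets captured
20000 packets received by filter
18000 packets dropped by kernel'
HDR='Inter-|   Receive                        |  Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets'
SAMPLE_BEFORE="$HDR
  eth0:5000000 40000 0 12 0 0 0 0 0 0 0 0 0 0 0 0"
SAMPLE_AFTER="$HDR
  eth0: 9000000 65000 0 12 0 0 0 0 0 0 0 0 0 0 0 0"

echo "capture-buffer loss: $(printf '%s\n' "$SAMPLE_TCPDUMP" | drop_pct)%"
echo "eth0 rx packets/drops in interval: $(rx_delta eth0 "$SAMPLE_BEFORE" "$SAMPLE_AFTER")"
```

On a live sensor, take the two snapshots with `cat /proc/net/dev` a few seconds apart. A high tcpdump drop percentage with an unchanged interface drop counter means packets are being lost between the kernel and the capturing process, which is the host-load case that `top` helps confirm.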