[Snort-users] preprocessor perfmonitor fields
snort at ...13080...
Thu Mar 17 04:06:46 EST 2005
Excellent! yet another reason to be using linux I guess...i need to get that
box back up and running soon...that's the third answer that would have been
answered for me if I could see the source code...thanks for the help!
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Alejandro
Sent: Thursday, March 17, 2005 6:18 AM
To: Lee Clemens
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] preprocessor perfmonitor fields
> I'm outputting perfmonitor to a file and I can't see any documentation as
> what fields are what. Since it is to a file, the manual just says that not
> all fields are recorded (from the bulleted list above).
Excerpt from snort-2.3.0/src/preprocessors/perf-base.c:676
* Log Base Per Stats to File for Use by the MC
* unixtime(in secs since epoch)
* %pkts dropped
* Avg Bytes/Pkt
* %bytes pattern matched
* total-sessions open
* %user-cpu usage
* %sys-cpu usage
* %idle-cpu usage
> As per development, maybe the first field could simply be comma delimited
> field names, depending on the options set in snort.conf? I wouldn't mind
> sorting through a few of these if it outputted did this every time the
> service starts...but for now, is there a way I can tell what the values
You can't customize what will be outputed.
> btw, I'm using windows and Snort running as-is (no ACID, BASE, etc), so
> not sure what console output would do...
As you're running on windows, running snort as a service, you can't
see the console output. If you run snort from a dos window, you'll se
the console output.
Log to mysql if you want to have a way to analise those alerts, and
use BASE to analise them.
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users