[Snort-users] Broken Kill USR1 Statistics

Colin Grady colin.grady at ...11827...
Thu Aug 24 10:52:41 EDT 2006


Thanks for the suggestion, Bill!

Colin Grady


On 8/24/06, Bill Parker <dogbert at ...11664...> wrote:
>
> ----- Original Message -----
> From: "Colin Grady" <colin.grady at ...11827...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Thursday, August 24, 2006 6:59 AM
> Subject: [Snort-users] Broken Kill USR1 Statistics
>
>
> > I've been trying to gather some statistics from the Snort process by
> > sending the USR1 kill signal, but I'm seeing some weird behavior. This
> > is Snort 2.6.0.1.
> >
> > First time using kill -USR1:
> > Aug 24 08:51:32 Sensor snort[24795]: *** Caught Usr-Signal
> > Aug 24 08:51:32 Sensor snort[24795]: Snort received 7294740 packets
> > Aug 24 08:51:32 Sensor snort[24795]:     Analyzed: 5628802(77.162%)
> > Aug 24 08:51:32 Sensor snort[24795]:     Dropped: 1665920(22.837%)
> > Aug 24 08:51:32 Sensor snort[24795]:     Outstanding: 18(0.000%)
> >
> > Second time using kill -USR1:
> > Aug 24 08:51:40 Sensor snort[24795]: *** Caught Usr-Signal
> > Aug 24 08:51:40 Sensor snort[24795]: Snort received 200871 packets
> > Aug 24 08:51:40 Sensor snort[24795]:     Analyzed: 5829688(2902.205%)
> > Aug 24 08:51:40 Sensor snort[24795]:     Dropped: 0(0.000%)
> > Aug 24 08:51:40 Sensor snort[24795]:     Outstanding: 4289338479(2135369.750%)
> >
>
> Strange, but if the snort team included the configure command
> --enable-timestats in 2.6.x (it's in 2.4.x), snort should produce
> statistics every 60 minutes to where you are normally logging snort
> stuff (usually /var/log/messages).
>
> This works without having to use KILL -USR1 (which is why I wrote the code
> in the first place) <shameless plug inserted here> :-)
>
> Bill
>
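
Added example, not part of the original thread and not Snort's own code: a consistency check run over the two USR1 reports quoted above. It flags a report where analyzed plus dropped exceeds received, and tests the assumption that Outstanding is received - analyzed - dropped reduced modulo 2**32, which the numbers in both quoted reports satisfy. The function names are hypothetical; the log lines are copied from the thread.

```python
import re

# Log lines copied from the thread above (wrapped "Outstanding" line rejoined).
SAMPLE = """\
Aug 24 08:51:32 Sensor snort[24795]: *** Caught Usr-Signal
Aug 24 08:51:32 Sensor snort[24795]: Snort received 7294740 packets
Aug 24 08:51:32 Sensor snort[24795]:     Analyzed: 5628802(77.162%)
Aug 24 08:51:32 Sensor snort[24795]:     Dropped: 1665920(22.837%)
Aug 24 08:51:32 Sensor snort[24795]:     Outstanding: 18(0.000%)
Aug 24 08:51:40 Sensor snort[24795]: *** Caught Usr-Signal
Aug 24 08:51:40 Sensor snort[24795]: Snort received 200871 packets
Aug 24 08:51:40 Sensor snort[24795]:     Analyzed: 5829688(2902.205%)
Aug 24 08:51:40 Sensor snort[24795]:     Dropped: 0(0.000%)
Aug 24 08:51:40 Sensor snort[24795]:     Outstanding: 4289338479(2135369.750%)
"""

RECEIVED = re.compile(r"Snort received (\d+) packets")
COUNTER = re.compile(r"(Analyzed|Dropped|Outstanding):\s*(\d+)\(")

def parse_reports(text):
    """Split syslog text into one dict of counters per 'Caught Usr-Signal' block."""
    reports = []
    for line in text.splitlines():
        if "Caught Usr-Signal" in line:
            reports.append({})
        elif reports:
            if m := RECEIVED.search(line):
                reports[-1]["received"] = int(m.group(1))
            elif m := COUNTER.search(line):
                reports[-1][m.group(1).lower()] = int(m.group(2))
    return reports

def check(report):
    """Return a list of findings for one report; an empty list means consistent."""
    r = report
    findings = []
    if r["analyzed"] + r["dropped"] > r["received"]:
        findings.append("analyzed + dropped exceeds received")
    # Assumption under test: Outstanding is a 32-bit unsigned difference.
    expected = (r["received"] - r["analyzed"] - r["dropped"]) % 2**32
    if r["outstanding"] == expected and expected >= 2**31:
        findings.append("outstanding looks like a negative value wrapped modulo 2**32")
    return findings

if __name__ == "__main__":
    for rep in parse_reports(SAMPLE):
        print(rep, check(rep) or "consistent")
```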
