[Snort-users] Snort 2.8.1 - TimeStats()

Wes Young wcyoung at ...12754...
Tue Jun 17 07:36:19 EDT 2008


Thanks Todd,

That was my next step (moving to 2.8.2). I started modifying code  
myself but wanted to double check before I went too much down that rat  
hole... =)

Thanks again...

On Jun 17, 2008, at 6:29 AM, Todd Wease wrote:

> Wes,
>
> Thanks for bringing this to our attention.  I just tested this on
> snort-2.8.1 and snort-2.8.2, and in daemon mode, as you note, it does
> not seem to work in snort-2.8.1.  It does seem to work in snort-2.8.2.
> I'm not able to track down exactly why yet (just putting a random
> printf() call seemed to get it going), but 2.8.2 has some significant
> performance improvements, so maybe upgrade to 2.8.2 to take  
> advantage of
> that as well.
>
> Thanks,
> Todd
>
> Wes Young wrote:
>> This might be a dumb question, but does anyone have snort-2.8.1  
>> working
>> successfully with --enable-timestats ?
>>
>> I've got a red-hat box running and it dumps the initial startup and
>> exiting output to syslog, but once it's going, doesn't dump the  
>> hourly
>> statistical dump.
>>
>> i've got snort running with the flags:
>>
>> -g snort -u snort -D -M -y
>>
>> but no luck. Tried searching through the code and google a bit w/o  
>> much
>> luck... Just wanna verify that someone has it working, or i'm not
>> missing some stupid option before I dig too much further...
>> -- 
>> Wes Young
>> Network Security Analyst
>> CIT - University at Buffalo
>> http://claimid.com/saxjazman9
>>
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> -------------------------------------------------------------------------
>> Check out the new SourceForge.net Marketplace.
>> It's the best place to buy or sell services for
>> just about anything Open Source.
>> http://sourceforge.net/services/buy/index.php
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

--
Wes Young
Network Security Analyst
CIT - University at Buffalo
http://claimid.com/saxjazman9







-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2444 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20080617/ffbdcf8d/attachment.bin>


More information about the Snort-users mailing list