[Snort-users] USR1 Output and BPF traffic
djneil at ...1052...
Mon Dec 17 12:05:51 EST 2012
I was wondering, when filtering traffic using the -F <bpf-file> switch,
how this affects stats dumped through the kill -USR1 command. Is the total
number of received and analyzed packets listed the number before the BPF is
applied or after? I'm running a filter to capture "non-internal" sources
and find the total number of packets received and analyzed to be high if it
is post BPF. I notice a "filtered" category but this consistently registers
If it does not record the numbers after applying the BPF, does anyone know
of a way to report on the number of packets received and analyzed by an
applied BPF? Thanks!