[Snort-users] Perfmonitor Issue

Abdelmonaim Mokadem abdelmonaim.mokadem at ...13827...
Wed May 16 14:10:58 EDT 2012

Hi all,

I have an issue using the perfmonitor preprocessor for snort inline  to
provide the "Max performance snort stats" with the following parameters:


  preprocessor perfmonitor: time 300 pktcnt 5000 events max console


Here are the options used to launch snort :


        -A none \

        --dynamic-engine-lib "${SNORT_ENG}" 

        --dynamic-preprocessor-lib-dir "${SNORT_DYNPPDIR}"

        --dynamic-detection-lib-dir "${SNORT_DYNRULDIR}" 

        --daq-dir "${DAQ_DIR}" 

        -i "${INTERFACE}" 

        -c "${SNORT_CONF}" 

        --perfmon-file "${LOG_DIR}/snort.stats" 

        -l "${LOG_DIR}" 



Since I'm using the "max " and  "console" parameters, my console should
display the results, based on the following code:

if(iFlags & MAX_PERF_STATS)












But it doesn't...

It doesn't print me the Snort Max Performance at all..

The usec_per_packet structure is filled when "GetuSecondsPerPacket"  is
called but it seems like we never enter in the "if" clause 

and when I try to debug with gdb, I can see that "iFlag" is always equal
to 0 for an unknown reason and since "MAX_PERF_STATS" is equal to 1, the
"if" test fail.


FYI, here are the options used to compile snort :


--enable-dynamicplugin --enable-perfprofiling --enable-linux-smp-stats
--enable-targetbased --enable-ipv6 --enable-ppm --enable-gre
--enable-static-daq=no --enable-64bit-gcc=no 



If someone has an idea about the origin of the problem here...




Abdelmonaim Mokadem.   




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120516/93de0f84/attachment.html>

More information about the Snort-users mailing list