[Snort-users] FW: CPU load generated by Snort

Tony Reusser treusser at ...15879...
Fri Oct 19 10:12:39 EDT 2012


Here's how I do it.

 

Open up one ssh window to your snort box.  Type the command 'tail -f
/var/log/messages'.

Then in another window issue a SIGUSR1 kill signal to your snort PID:

# kill -10 [snort PID]

This will tell snort to dump its current statistics to syslog.  The tail
command conveniently shows it immediately, but it is in there to find later
if you want.  At the top of the list of stats is "packets captured / packets
analyzed / packets dropped."

Hope this helps.

                -Tony Reusser

P.S. This command doesn't actually "kill" your snort process.  It interprets
this "signal" as "dump stats and keep running."

 

From: Pratik Narang [mailto:pratik.cse.bits at ...11827...] 
Sent: Friday, October 19, 2012 12:38 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] CPU load generated by Snort

 

To justify hardware needs for our IDS/IPS/Firewall setup, I need to show how
much load my present Snort setup - which is only a test bed setup - generates
on the CPU and thus justify the need of servers required.

The 'top' command in Linux shows me that Snort is using 18% of memory and 7%
of CPU (fairly low, and I only use Core2duo processors).

How do I find out how much Snort is loaded compared to its
full capacity (a single instance of it, of course), how many packets it is
seeing per second and if it is dropping any packets (say due to some mistake
in configuration on my part)?

 

Thanks.
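
Added example (not part of the original thread, and not Tony's or the Snort project's code): one way to script the procedure described in the reply, sending SIGUSR1 and then pulling the received / analyzed / dropped counters out of syslog. The function names and the sample log lines are constructed for illustration, and the line layout is assumed to follow Snort 2.9's "Packet I/O Totals" block.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: the syslog lines look like Snort 2.9's "Packet I/O Totals"
# block; adjust the labels if your version prints different ones.

# Ask a running Snort for a stats dump. Sends SIGUSR1 by name (its number
# is 10 on x86 Linux). Not called below; $1 is your snort PID.
request_snort_stats() {
    kill -USR1 "$1"
}

# Read syslog text on stdin and summarise the LAST stats dump in it.
# drop_pct is dropped / (received + dropped), as a percentage.
snort_io_totals() {
    awk '
        function after(label,   i) {
            for (i = 1; i < NF; i++) if ($i == label) return $(i + 1)
            return ""
        }
        /snort/ && /Packet I\/O Totals:/ { rx = an = dr = ""; dumps++ }
        dumps && /snort/ {
            if ((v = after("Received:")) != "") rx = v
            if ((v = after("Analyzed:")) != "") an = v
            if ((v = after("Dropped:"))  != "") dr = v
        }
        END {
            if (rx == "" || dr == "") { print "no stats dump found"; exit 1 }
            pct = (rx + dr > 0) ? 100 * dr / (rx + dr) : 0
            printf "received=%d analyzed=%d dropped=%d drop_pct=%.2f\n", rx, an, dr, pct
        }'
}

# Constructed sample: two dumps as they might appear in /var/log/messages.
SAMPLE_LOG='Oct 19 10:00:01 ids snort[2211]: Packet I/O Totals:
Oct 19 10:00:01 ids snort[2211]:    Received:       100000
Oct 19 10:00:01 ids snort[2211]:    Analyzed:       100000 (100.000%)
Oct 19 10:00:01 ids snort[2211]:     Dropped:            0 (  0.000%)
Oct 19 10:05:01 ids snort[2211]: Packet I/O Totals:
Oct 19 10:05:01 ids snort[2211]:    Received:       480000
Oct 19 10:05:01 ids snort[2211]:    Analyzed:       479500 ( 99.896%)
Oct 19 10:05:01 ids snort[2211]:     Dropped:        20000 (  4.000%)'

printf '%s\n' "$SAMPLE_LOG" | snort_io_totals
```

On a live sensor, call request_snort_stats with the Snort PID and then feed /var/log/messages to snort_io_totals on stdin.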
