[Snort-users] Periodic save rule profiling logs
wkitty42 at ...14940...
Mon Dec 23 14:27:09 EST 2013
On 12/23/2013 7:39 AM, Kiryukhin Andrey wrote:
> Hi. Who knows if there is a function of periodic saving rule profiling
> logs to a file? In docs I found only how to get those logs after snort
> exit, but in my case I use snort as daemon and want to get it in process.

you need to be more specific with your term "rule profiling"...

snort can be configured to write a profile log every X minutes... this can also
be done for every Y kbytes of traffic... the two can be combined so that the
entry is not written if there's been no or not enough traffic to warrant writing

BUT the above is not for per rule or preprocessor profiling... for those i
schedule triggering snort with SIG* (eg: SIGHUP)... if your snort has been
compiled with the option to do so, one of the SIG* signals will cause these
profiling logs to be written... IIRC, you want to have snort name them with the
trailing xxxxxxxxxxxx naming format in the same way that the default PCAP
snort.log.xxxxxxxxxxxx files are named...

NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.