[Snort-users] Enable perprofile
Joel Esler (jesler)
jesler at ...589...
Sat Apr 8 20:06:49 EDT 2017
Also, the statements at the top of the Snort.conf are the recommended compile options. They have nothing to do with the Snort.conf itself.
> On Apr 8, 2017, at 19:29, "wkitty42 at ...14940..." <wkitty42 at ...14940...> wrote:
>> On 04/08/2017 06:23 PM, Abdullah AL-Mutairy wrote:
>> Hello everyone!
>> I was trying to enable performance profiling in snort 2.9.9.
>> So I edited snort.conf and deleted the "#" that comes before OPTIONS : --enable-gre --enable-mpls .. etc.
>> But when I validate the configuration I get an error.
> you don't need those for performance monitoring... maybe the one for
> --enable-perfprofiling but those are for building snort from source so you need
> to rebuild with that option in place...
>> How can I enable performance monitoring? I want to see details about CPU
>> usage, number of signatures detected, and other details.
> you need to enable "preprocessor perfmonitor" in snort.conf... here's an
> example... there are six lines... the first line is a description... the next
> four are commented out examples... you only need one of the others to create the
> csv file with the performance data in it... we use the last one here to get data
> written to the csv file every 5 minutes...
> # performance statistics. For more information, see the Snort Manual,
> # Configuring Snort - Preprocessors - Performance Monitor
> # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
> # preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
> # preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 10000
> # preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1000
> preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1
> then there's these next two sections... the first for profiling rules and the
> second for profiling the snort processors...
> # rules profiling
> # print worst 25 rules based on time spent in them...
> #config profile_rules: print all, sort total_ticks, filename rules_stats.log
> config profile_rules: print 25, sort total_ticks, filename rules_stats.log
> # preprocessor profiling
> # print worst 10 preprocessors based on time spent in them...
> config profile_preprocs: print 10, sort total_ticks, filename preprocs_stats.log
> please read my signature below and keep responses *on the list*... do not reply
> to me in private... it will be ignored or followed up by support contract
> requirements... take the free assistance from the list while it is available ;)
> NOTE: No off-list assistance is given without prior approval.
> *Please keep mailing list traffic on the list* unless
> private contact is specifically requested and granted.
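Added example (not part of the original thread and not Snort project code): a small Python check of a snort.conf that flags the mistake described in the question, an uncommented compile-option line, and reports which of the perfmonitor and profiling directives from the reply are active. The function names and the sample config are constructed for illustration.

```python
import re

# Directives named in the thread; every other snort.conf line is ignored here.
DIRECTIVE = re.compile(
    r"^(preprocessor\s+perfmonitor|config\s+profile_rules|config\s+profile_preprocs)\s*:\s*(.*)$")
PERFMON_VALUE_KEYS = {"time", "file", "snortfile", "pktcnt"}  # options followed by a value

def parse_options(name, rest):
    """Turn a directive's option string into a dict."""
    opts = {}
    if name == "preprocessor perfmonitor":   # space-separated: key value key value ...
        tokens = iter(rest.split())
        for tok in tokens:
            opts[tok] = next(tokens, True) if tok in PERFMON_VALUE_KEYS else True
    else:                                    # comma-separated: "print 25, sort total_ticks"
        for part in filter(None, (p.strip() for p in rest.split(","))):
            key, _, value = part.partition(" ")
            opts[key] = value.strip() or True
    return opts

def audit_snort_conf(text):
    """Return (errors, active): uncommented build-option lines, and live directives."""
    errors, active = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                         # blank or still commented out
        if re.match(r"OPTIONS\s*:", line) or line.startswith("--enable-"):
            errors.append((lineno, "compile-time option list is not a snort.conf directive"))
            continue
        m = DIRECTIVE.match(line)
        if m:
            name = " ".join(m.group(1).split())
            active.setdefault(name, []).append(parse_options(name, m.group(2)))
    return errors, active

# Constructed sample: the mistake from the question plus the directives from the reply.
SAMPLE = """\
OPTIONS : --enable-gre --enable-mpls
# preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1000
preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1
config profile_rules: print 25, sort total_ticks, filename rules_stats.log
config profile_preprocs: print 10, sort total_ticks, filename preprocs_stats.log
"""

if __name__ == "__main__":
    errors, active = audit_snort_conf(SAMPLE)
    print(errors)
    print(active)
```

An empty errors list with "preprocessor perfmonitor" present in the active dict corresponds to the setup the reply describes; the two profile_* entries only take effect on a Snort build that has profiling compiled in, as the reply notes.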