[Snort-users] Enable perprofile

Joel Esler (jesler) jesler at ...589...
Sat Apr 8 20:06:49 EDT 2017


Also, the statements at the top of the Snort.conf are the recommended compile options.  They have nothing to do with the Snort.conf itself.   

--
Sent from my iPhone

> On Apr 8, 2017, at 19:29, "wkitty42 at ...14940..." <wkitty42 at ...14940...> wrote:
> 
>> On 04/08/2017 06:23 PM, Abdullah AL-Mutairy wrote:
>> 
>> Hello everyone!
>> 
>> I was trying to enable performance profiling in snort 2.9.9.
>> So I edited snort.conf and deleted the "#" that comes before OPTIONS : --enable-gre --enable-mpls .. etc.
>> But when I validate the configurations I get an error.
> 
> you don't need those for performance monitoring... maybe the one for 
> --enable-perfprofiling but those are for building snort from source so you need 
> to rebuild with that option in place...
> 
>> How can I enable performance monitoring? I want to see details about CPU
>> usage, number of signatures detected, and other details.
> 
> you need to enable "preprocessor perfmonitor" in snort.conf... here's an 
> example... there are six lines... the first line is a description... the next 
> four are commented out examples... you only need one of the others to create the 
> csv file with the performance data in it... we use the last one here to get data 
> written to the csv file every 5 minutes...
> 
> # performance statistics.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor
> # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
> # preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
> # preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 10000
> # preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1000
> preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1
> 
> 
> then there's these next two sections... the first for profiling rules and the 
> second for profiling the snort processors...
> 
> # rules profiling
> # print worst 25 rules based on time spent in them...
> #config profile_rules: print all, sort total_ticks, filename rules_stats.log
> config profile_rules: print 25, sort total_ticks, filename rules_stats.log
> 
> # preprocessor profiling
> # print worst 10 preprocessors based on time spent in them...
> config profile_preprocs: print 10, sort total_ticks, filename preprocs_stats.log
> 
> 
> please read my signature below and keep responses *on the list*... do not reply 
> to me in private... it will be ignored or followed up by support contract 
> requirements... take the free assistance from the list while it is available ;)
> 
> -- 
>  NOTE: No off-list assistance is given without prior approval.
>        *Please keep mailing list traffic on the list* unless
>        private contact is specifically requested and granted.
> 

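Added example, not part of the original thread or of Snort itself: a small Python check that reads snort.conf text, flags an uncommented build-options line like the one in the question, and reports the active perfmonitor and profiling settings from the reply. The sample config, function names and finding messages are constructed for illustration, and only the options shown in the thread are parsed.

```python
import re

# Constructed snort.conf fragment: line 1 repeats the mistake from the question,
# the other lines are settings quoted in the reply.
SAMPLE_CONF = """\
OPTIONS : --enable-gre --enable-mpls
# preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1
config profile_rules: print 25, sort total_ticks, filename rules_stats.log
config profile_preprocs: print 10, sort total_ticks, filename preprocs_stats.log
"""

DIRECTIVE = re.compile(r"^(?:preprocessor|config)\s+(\w+)\s*:\s*(.*)$")
BUILD_FLAG = re.compile(r"--(?:enable|disable|with)-[\w-]+")
VALUED = {"time", "file", "snortfile", "pktcnt"}  # perfmonitor options seen in the thread

def parse_perfmonitor(text):
    """Space-separated options; those in VALUED consume the following token."""
    opts, tokens = {}, iter(text.split())
    for tok in tokens:
        opts[tok] = next(tokens, None) if tok in VALUED else True
    return opts

def parse_profile(text):
    """Comma-separated 'key value' pairs, e.g. 'print 25, sort total_ticks'."""
    pairs = (part.split(None, 1) for part in text.split(",") if part.strip())
    return {p[0]: (p[1].strip() if len(p) > 1 else True) for p in pairs}

def check_conf(conf_text):
    """Return (settings, findings) for the monitoring/profiling lines of a snort.conf."""
    settings, findings = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments, including the commented-out examples, are inactive
        match = DIRECTIVE.match(line)
        if match is None:
            if BUILD_FLAG.search(line):
                findings.append((lineno, "configure-time flags are not snort.conf syntax; restore the '#'"))
            continue  # other snort.conf statements are out of scope for this check
        name, rest = match.groups()
        if name == "perfmonitor":
            settings[name] = parse_perfmonitor(rest)
        elif name in ("profile_rules", "profile_preprocs"):
            settings[name] = parse_profile(rest)
            findings.append((lineno, name + " needs a Snort build configured with --enable-perfprofiling"))
    if "perfmonitor" not in settings:
        findings.append((0, "no active 'preprocessor perfmonitor' line; no stats file will be written"))
    return settings, findings
```

Calling `check_conf(SAMPLE_CONF)` returns the parsed settings plus findings for lines 1, 4 and 5 of the sample.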


