[Snort-users] send snort a signal to output stats

Marcin Dulak marcin.dulak at ...11827...
Fri May 12 12:51:54 EDT 2017


USR1 should cause snort to write some statistics into the main output log,
starting with

*** Caught Dump Stats-Signal
===============================================================================
Memory usage summary:
...

If you have the profiling information configured, then restarting the
snort daemon should create the files with additional information
(see
http://blog.qualtechsoftware.com/2011/10/use-profiling-to-improve-snort-performance/
and https://netsecsupport.wordpress.com/):

###################################################
# Configure Perf Profiling for debugging
# For more information see README.PerfProfiling
###################################################

config profile_rules: print all, sort avg_ticks, filename profile_rules.out append
config profile_preprocs: print all, sort avg_ticks, filename profile_preprocs.out append


Marcin


On Fri, May 12, 2017 at 4:43 PM, Charlie Dyer <charlierwdyer at ...11827...>
wrote:

> Hi
>
> Thanks for that. It doesn't return anything. Do I have to compile snort in
> a certain way to enable this functionality?
> What stats are dumped when it does work?
>
> Many thanks
>
> On Fri, May 12, 2017 at 2:52 PM, Marcin Dulak <marcin.dulak at ...11827...>
> wrote:
>
>> try: kill -USR1 `pidof snort`
>>
>> Marcin
>>
>> On Fri, May 12, 2017 at 3:28 PM, Charlie Dyer <charlierwdyer at ...11827...>
>> wrote:
>>
>>> Hello list
>>>
>>> Is there a signal you can send to snort whilst it's running that will
>>> output current traffic stats?
>>>
>>> Many thanks
>>>
>>> Charles
>>
>>
>
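
An added example (not part of the original thread): `kill -USR1` itself prints nothing to the terminal, because the dump goes to the log snort is writing to, so this sketch sends the signal and then extracts the most recent dump from that log. The function names, the log path argument and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the log path argument
# and the sample log lines below are assumptions made for illustration.

# Print the most recent stats dump: everything from the last
# "Caught Dump Stats-Signal" marker to the end of the input.
# Reads the file(s) given as arguments, or stdin. Exit status 1 if no marker.
last_stats_dump() {
    awk '/Caught Dump Stats-Signal/ { buf = ""; found = 1 }
         found { buf = buf $0 "\n" }
         END { if (!found) exit 1; printf "%s", buf }' "$@"
}

# Send USR1 to every running snort process, then show the newest dump
# from the log snort writes to (pass its path; it depends on your setup).
dump_snort_stats() {
    log=${1:-}
    [ -n "$log" ] || { echo "usage: dump_snort_stats LOGFILE" >&2; return 64; }
    pids=$(pidof snort) || { echo "snort is not running" >&2; return 1; }
    kill -USR1 $pids || return 1   # unquoted on purpose: may be several PIDs
    sleep 1                        # give snort a moment to write the dump
    last_stats_dump "$log" || { echo "no stats marker in $log" >&2; return 2; }
}

# Constructed sample log: two dumps with an unrelated line in between.
sample_log() {
    cat <<'EOF'
May 12 12:00:01 ids snort[2211]: *** Caught Dump Stats-Signal
May 12 12:00:01 ids snort[2211]: Memory usage summary:
May 12 12:00:01 ids snort[2211]:   (constructed) first dump
May 12 12:05:09 ids sshd[900]: unrelated line
May 12 12:10:01 ids snort[2211]: *** Caught Dump Stats-Signal
May 12 12:10:01 ids snort[2211]: Memory usage summary:
May 12 12:10:01 ids snort[2211]:   (constructed) second dump
EOF
}

# Offline demo: prints only the second (latest) dump.
sample_log | last_stats_dump
```

On a live sensor, call `dump_snort_stats` with the path of the log your snort instance writes to; a return status of 2 means the signal was delivered but no dump marker appeared in that file.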


