Snort mailing list archives
Re: How to know if snort is dropping packets
From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 30 Oct 2001 19:18:45 -0500
Marc-Andre Hamelin wrote:
Hi all, Anyone as a way to know in real time if snort is dropping packets without having to stop the processes and restart them ? Also, how about when the processes are running in daemon mode ?
Send the Snort process a SIGUSR1, if it's running on daemon mode it prints to syslog, if it's running on the console it'll print to that display. -Marty
I have a box that runs many snort processes in daemon mode and logs on a central server with mysql+acid; sometime the load becomes very high on the sensor, so I'd like to make sure snort isn't dropping packets. Up until now, I just made some tests by starting the processes manually without the -D option ,and let them ran for a while. But it's not really useful if the network traffic is not peaking during my tests. Thanks Marc _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to know if snort is dropping packets Marc-Andre Hamelin (Oct 30)
- Re: How to know if snort is dropping packets Martin Roesch (Oct 30)