Snort mailing list archives
Re: Snort Packet Stats
From: "Matt Jonkman" <matt () jonkmans com>
Date: Thu, 10 Jan 2002 18:33:50 -0600
This is an unusually high percentage. Normally we're running at 0% dropped. These stats are coming from an overwhelmed dev box running 2 instances of snort before I ran a third instance for a few seconds for the sample stats, AND it's seeing a high traffic volume, AND running an overworked mysql db.

Bad choice of stats, definitely not representative of snort. :)

Matt

----- Original Message -----
From: "Ashley Thomas" <athomas () unity ncsu edu>
To: "Matt Jonkman" <matt () jonkmans com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, January 10, 2002 3:53 PM
Subject: Re: [Snort-users] Snort Packet Stats

It is slightly out of sync but may I ask you this. From the stats that you've attached Snort seems to be dropping a lot of packets? Is the traffic volume very high? Or is it something that I've overlooked.

thanks
ashley

On Thu, 10 Jan 2002, Matt Jonkman wrote:

We're working on our own homegrown snort back-end and want to really concentrate on having detailed live and trending stats for each sensor.

Is there a way to get the stats that snort dumps when you ^C a non-daemon instance when you are running as a daemon? If not is there another source of the running stats we can grab and trend?

Thanks
Matt

I.E these stats:

===============================================================================
Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets

Breakdown by protocol:                Action Stats:
    TCP: 2494       (41.332%)         ALERTS: 0
    UDP: 108        (1.790%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 102        (1.690%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
===============================================================================
Snort received signal 2, exiting

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
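Added example, not part of the original thread and not Snort code: a Python parser for the exit stats quoted in the message above, turning one dump into numbers a back end can store and trend, and cross-checking the drop figures against each other. The function names and the 1% alert threshold are assumptions; the sample text is constructed from the figures in the thread.

```python
import re

# Constructed sample: the exit stats quoted in the thread, with some
# zero-count rows and the fragmentation section left out for brevity.
SAMPLE = """\
Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets
Breakdown by protocol:                Action Stats:
    TCP: 2494       (41.332%)         ALERTS: 0
    UDP: 108        (1.790%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
  OTHER: 102        (1.690%)
DISCARD: 0          (0.000%)
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
   Stream4 Memory Faults: 0
"""

SUMMARY = re.compile(
    r"Snort analyzed (\d+) out of (\d+) packets, dropping (\d+)\s*\(([\d.]+)%\)")
# "Label: <int>" pairs; section titles are skipped because no digit follows them.
COUNTER = re.compile(r"([A-Za-z][\w ()]*?):\s+(\d+)")

def parse_snort_stats(text):
    """Return packet totals and per-label counters from one stats dump."""
    m = SUMMARY.search(text)
    if m is None:
        raise ValueError("no Snort summary line found")
    analyzed, received, dropped = map(int, m.group(1, 2, 3))
    return {
        "analyzed": analyzed, "received": received, "dropped": dropped,
        "drop_pct": 100.0 * dropped / received if received else 0.0,
        "reported_pct": float(m.group(4)),
        "counters": {k: int(v) for k, v in COUNTER.findall(text[m.end():])},
    }

def sanity_problems(s):
    """Cross-check the dump against itself before it is stored for trending."""
    problems = []
    if s["analyzed"] + s["dropped"] != s["received"]:
        problems.append("analyzed + dropped != received")
    if abs(s["drop_pct"] - s["reported_pct"]) > 0.001:
        problems.append("reported drop percentage does not match counts")
    return problems

def drop_alert(s, threshold_pct=1.0):  # threshold is an assumed value
    return s["drop_pct"] > threshold_pct
```

Because the patterns match on labels rather than on columns, the same functions also accept the dump when its whitespace has been collapsed onto one line.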