Snort mailing list archives

RE: (no subject)

From: "Chris Eidem" <ceidem () Dexma com>
Date: Mon, 15 Apr 2002 14:13:19 -0500

Ok, perhaps I'm just braindead, but what's _wrong_ with the 
output?  A USR1
causes it to dump stats to syslog by default....

I've got a strange feeling I'm missing something here....  :-)


What I failed to point out was that the syslog has a "hiccough" in it,
the USR1 call starts to dump the info to the log then, about five lines
into it, starts dumping it again.  Herein lies the rub:

Mar 25 00:45:01 cubanelle snort:
===================================================
Mar 25 00:45:01 cubanelle snort: Snort analyzed 3841947 out of 3842657
packets, 
Mar 25 00:45:01 cubanelle snort: dropping 710(0.018%) packets  
Mar 25 00:45:01 cubanelle snort: Breakdown by protocol:
Action Stats: 

*hiccough* <log starts over again, look at the totals>

Mar 25 00:45:01 cubanelle snort:
===================================================
Mar 25 00:45:01 cubanelle snort: Snort analyzed 3841947 out of 3842657
packets, 
Mar 25 00:45:01 cubanelle snort: dropping 710(0.018%) packets  
Mar 25 00:45:01 cubanelle snort: Breakdown by protocol:
Action Stats: 
Mar 25 00:45:01 cubanelle snort:     TCP: 3376791    (87.876%)
ALERTS: 4386       
Mar 25 00:45:01 cubanelle snort:     UDP: 227845     (5.929%)
LOGGED: 1504       
Mar 25 00:45:01 cubanelle snort:    ICMP: 24877      (0.647%)
PASSED: 2663       
Mar 25 00:45:01 cubanelle snort:     ARP: 3193       (0.083%) 
Mar 25 00:45:01 cubanelle snort:    IPv6: 0          (0.000%) 
Mar 25 00:45:01 cubanelle snort:     IPX: 0          (0.000%) 
Mar 25 00:45:01 cubanelle snort:   OTHER: 208496     (5.426%) 
Mar 25 00:45:01 cubanelle snort: DISCARD: 0          (0.000%) 
Mar 25 00:45:01 cubanelle snort:
===================================================

 - chris

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: (no subject), (continued)
- Re: (no subject) Matt Kettler (Apr 09)
- (no subject) Federico Rena (Apr 10)
- (no subject) Federico Rena (Apr 10)
  - Re: (no subject) John Sage (Apr 10)
- (no subject) Federico Rena (Apr 10)
- RE: (no subject) Omolayo Salako (Apr 10)
- (no subject) rakesh (Apr 11)
- (no subject) Ha Hoang (Apr 13)
- (no subject) Chris Eidem (Apr 14)
  - Re: (no subject) Erek Adams (Apr 14)
- RE: (no subject) Chris Eidem (Apr 15)
  - RE: Syslog Coughs? Erek Adams (Apr 15)
- (no subject) C Boss (Apr 25)
  - Re: (no subject) Ralf Hildebrandt (Apr 25)
- (no subject) Zero Dark (May 04)
  - Re: (no subject) Matt Kettler (May 04)
- (no subject) Vadim Pushkin (May 07)
- (no subject) Z . Qili (May 07)
- (no subject) John Maestrale (May 20)
- (no subject) John Maestrale (May 29)
- (no subject) Hugo Ferr (May 31)

(Thread continues...)