Snort mailing list archives

RE: gigabit nic?

From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 10 Sep 2002 18:06:55 -0400

The kill should return to the cmd prompt and that is the correctcommandline. On mine it nicely dumps stats to syslog. Are you running snortinteractively instead of daemonized?

I get all of this dumpted to syslog (leading parts of the lines linesremoved to conceal machine name for my snort box)


   =========================================================================
 Snort analyzed 621505 out of 621505 packets,
 The kernel dropped 0(0.000%) packets
 Breakdown by protocol:                Action Stats:
     TCP: 597723     (96.173%)         ALERTS: 31
     UDP: 21734      (3.497%)          LOGGED: 7
    ICMP: 439        (0.071%)          PASSED: 0
     ARP: 2          (0.000%)
    IPv6: 0          (0.000%)
     IPX: 0          (0.000%)
   OTHER: 1598       (0.257%)
 DISCARD: 0          (0.000%)
 ===========================================================================

 Fragmentation Stats:
 Fragmented IP Packets: 15         (0.002%)
     Fragment Trackers: 6
    Rebuilt IP Packets: 6
    Frag elements used: 15
 Discarded(incomplete): 0
    Discarded(timeout): 0
   Frag2 memory faults: 0
 ===========================================================================
 TCP Stream Reassembly Stats:
         TCP Packets Used: 597723     (96.173%)
          Stream Trackers: 14449
           Stream flushes: 15953
            Segments used: 27598
    Stream4 Memory Faults: 0
 ===========================================================================


At 05:58 PM 9/10/2002 -0400, Sheahan, Paul (PCLN-NW) wrote:

Thanks for the info. I tried "kill -SIGUSR1 <snortpid#>" and it returned to
the shell prompt. I then did a tail on /var/log/messages, but no stats were
there. Anything I might be doing wrong?

Thanks again


-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Tuesday, September 10, 2002 5:24 PM
To: Sheahan, Paul (PCLN-NW); Snort List (E-mail)
Subject: RE: [Snort-users] gigabit nic?


Send snort a SIGUSR1 with kill then check your syslog.

This will dump the statistics including the number of packets, the #
analyzed and the # dropped into syslog without stopping snort.




-------------------------------------------------------
In remembrance
www.osdn.com/911/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

gigabit nic? Sheahan, Paul (PCLN-NW) (Sep 10)
- Re: gigabit nic? Erek Adams (Sep 10)
- Re: gigabit nic? The infoSphere (Sep 10)
- <Possible follow-ups>
- RE: gigabit nic? Hutchinson, Andrew (Sep 10)
- RE: gigabit nic? Sheahan, Paul (PCLN-NW) (Sep 10)
- RE: gigabit nic? Matt Kettler (Sep 10)
- RE: gigabit nic? Sheahan, Paul (PCLN-NW) (Sep 10)
- RE: gigabit nic? Matt Kettler (Sep 10)
- RE: gigabit nic? snort-users (Sep 10)
- RE: gigabit nic? Robby Desmond (Sep 15)
- RE: gigabit nic? Michael Brown (Sep 15)