Snort mailing list archives

Re: Is snort dropping packets

From: "John Creegan" <jcreegan () questarweb com>
Date: Wed, 24 Mar 2004 15:42:07 -0600

the USR1 signal doesn't kill the snort process, it just causes it to
dump statistics.

Jeff <jcoppock1 () comcast net> 03/24/04 03:21PM >>>

Hutchinson, Andrew, 2004-Mar-24 10:30 -0600:

Look in /var/log/messages right after you run this, and you should

see

the status dump.

If you're running snort on a UNIX or Linux box, determine the process

ID

of the snort process (ps -ef | grep snort), then send it a USR1

signal

(kill -USR1 pid) where pid is the process ID of the snort instance. 
Then take a look at the last hundred lines or so from the output of
"dmsg".


I'm running snort on a Linux platform logging using syslog-ng.  Is
there a way to get this status information without actually killing
the process?

jc

-- 
Jeff Coppock            Systems Engineer
Diggin' Debian          Admin and User


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient,
you should delete this message and are hereby notified that any 
disclosure,copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Is snort dropping packets Jason Humes (Mar 23)
- <Possible follow-ups>
- Re: Is snort dropping packets John Creegan (Mar 23)
- RE: Is snort dropping packets Jason Humes (Mar 24)
- RE: Is snort dropping packets John Creegan (Mar 24)
- RE: Is snort dropping packets Hutchinson, Andrew (Mar 24)
  - RE: Is snort dropping packets Rodrigo B. Ramos (Mar 24)
  - Re: Is snort dropping packets Jeff (Mar 24)
- Re: Is snort dropping packets John Creegan (Mar 24)