Snort mailing list archives
RE: Snort Statistics on Shutdown
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Thu, 5 Aug 2004 13:36:17 -0400
Yeah I would love to see this in some type of standard outputting format. Dumping a file in your -l directory if snort is killed or if it is stopped would be awesome. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of sekure Sent: Thursday, August 05, 2004 11:31 AM To: Martin Roesch Cc: Bill Parker; snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort Statistics on Shutdown I think what happens is that Snort dumps those stats to stdout, at least that has been my experience. So if Snort is running in daemon mode when its killed, you don't get the stats in you syslog. On Thu, 5 Aug 2004 11:05:54 -0400, Martin Roesch <roesch () sourcefire com> wrote:
Hi Bill, I just checked the code and the DropStats() function is calling LogMessage() to output its info so they should be somewhere in your syslog files. You aren't reading a pcap file in daemon mode, are you? -Marty On Aug 4, 2004, at 11:59 PM, Bill Parker wrote:Ok, now that I have the pig at version 2.1.3, I was curious about another thing. I run snort in daemon mode and start/stop it with the init script provided (no problems at all), but I was under the impression that snort when it shuts down, should generate some stats
as to how many packets were processed, etc. I see the snort startup in /var/log/messages, should I not see stuff in there when it shuts down? Bill-- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 Sourcefire: Intelligent Security Monitoring roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Statistics on Shutdown Bill Parker (Aug 04)
- Re: Snort Statistics on Shutdown Martin Roesch (Aug 05)
- Re: Snort Statistics on Shutdown sekure (Aug 05)
- Re: Snort Statistics on Shutdown Martin Roesch (Aug 05)
- Re: Snort Statistics on Shutdown sekure (Aug 05)
- Re: Snort Statistics on Shutdown sekure (Aug 05)
- Re: Snort Statistics on Shutdown Martin Roesch (Aug 05)
- <Possible follow-ups>
- RE: Snort Statistics on Shutdown Esler, Joel - Contractor (Aug 05)
- Re: Snort Statistics on Shutdown Martin Roesch (Aug 05)