Snort mailing list archives

Re: Periodic save rule profiling logs


From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 23 Dec 2013 14:27:09 -0500

On 12/23/2013 7:39 AM, Kiryukhin Andrey wrote:
> Hi. Who knows if there is a function for periodically saving rule profiling
> logs to a file? In the docs I found only how to get those logs after snort
> exits, but in my case I use snort as a daemon and want to get them in process.

you need to be more specific with your term "rule profiling"...

snort can be configured to write a profile log every X minutes... this can also 
be done for every Y kbytes of traffic... the two can be combined so that the 
entry is not written if there's been no or not enough traffic to warrant writing 
the entry...

BUT the above is not for per rule or preprocessor profiling... for those i 
schedule triggering snort with SIG* (eg: SIGHUP)... if your snort has been 
compiled with the option to do so, one of the SIG* signals will cause these 
profiling logs to be written... IIRC, you want to have snort name them with the 
trailing xxxxxxxxxxxx naming format in the same way that the default PCAP 
snort.log.xxxxxxxxxxxx files are named...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
