Snort mailing list archives
Re: Enable perprofile
From: wkitty42 () windstream net
Date: Sat, 8 Apr 2017 19:27:23 -0400
On 04/08/2017 06:23 PM, Abdullah AL-Mutairy wrote:
> Hello everyone! I was trying to enable performance profiling in snort 2.9.9. So I edited snort.conf and deleted the "#" that comes before OPTIONS : --enable-gre --enable-mpls .. etc. But when I validate the configuration I get an error.

you don't need those for performance monitoring... maybe the one for --enable-perfprofiling but those are for building snort from source so you need to rebuild with that option in place...

> How can I enable performance monitoring? I want to see details about cpu usage, number of signatures detected, and other details.

you need to enable "preprocessor perfmonitor" in snort.conf... here's an example... there are six lines... the first line is a description... the next four are commented out examples... you only need one of the others to create the csv file with the performance data in it... we use the last one here to get data written to the csv file every 5 minutes...

# performance statistics.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - Performance Monitor
# preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
# preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
# preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 10000
# preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1000
preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1

then there's these next two sections... the first for profiling rules and the second for profiling the snort processors...

# rules profiling
# print worst 25 rules based on time spent in them...
#config profile_rules: print all, sort total_ticks, filename rules_stats.log
config profile_rules: print 25, sort total_ticks, filename rules_stats.log

# preprocessor profiling
# print worst 10 preprocessors based on time spent in them...
config profile_preprocs: print 10, sort total_ticks, filename preprocs_stats.log

please read my signature below and keep responses *on the list*... do not reply to me in private... it will be ignored or followed up by support contract requirements... take the free assistance from the list while it is available ;)

--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.
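
A pre-flight check for the two things discussed in this thread, added here as an example (not code from the thread or from the Snort project): it flags an active line that is not a snort.conf directive, such as the uncommented build-options comment, and reports the active perfmonitor and profiling settings. The keyword list is a partial assumption, the function names are hypothetical, and the sample fragment is constructed.

```python
import re

# Words that may start an active snort.conf line (assumption: partial list).
KEYWORDS = {"config", "preprocessor", "var", "ipvar", "portvar", "include", "output",
            "dynamicpreprocessor", "dynamicengine", "dynamicdetection", "event_filter",
            "suppress", "rate_filter", "threshold", "ruletype", "alert", "log", "pass"}
VALUED = {"time", "file", "snortfile", "pktcnt"}  # perfmonitor options that take a value
# Constructed sample: line 1 is the build-options comment with its "#" removed.
SAMPLE = """\
OPTIONS : --enable-gre --enable-mpls
# preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1000
preprocessor perfmonitor: time 300 snortfile snort.csv pktcnt 1
config profile_rules: print 25, sort total_ticks, filename rules_stats.log
config profile_preprocs: print 10, sort total_ticks, filename preprocs_stats.log
"""

def logical_lines(text):
    """Yield (line_no, text) for active lines, joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # blank line or comment outside a continuation
        start = start if buf else no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf = ""
    if buf.strip():
        yield start, buf.strip()

def check_conf(text):
    """Return findings plus the active perfmonitor and profiling settings."""
    report = {"findings": [], "perfmonitor": [],
              "profile_rules": None, "profile_preprocs": None}
    for no, line in logical_lines(text):
        word = re.split(r"[\s:]+", line, maxsplit=1)[0]
        if word not in KEYWORDS:
            report["findings"].append((no, "not a snort.conf directive: " + word))
            continue
        m = re.match(r"preprocessor\s+perfmonitor\s*:\s*(.*)", line)
        if m:
            toks, opts = m.group(1).split(), {}
            while toks:
                key = toks.pop(0)
                opts[key] = toks.pop(0) if key in VALUED and toks else True
            report["perfmonitor"].append((no, opts))
        m = re.match(r"config\s+(profile_rules|profile_preprocs)\s*:\s*(.*)", line)
        if m:
            report[m.group(1)] = [part.strip() for part in m.group(2).split(",")]
    return report
```

Calling `check_conf(open("snort.conf").read())` before validating with Snort itself shows which perfmonitor line is actually active and which stray lines need their "#" restored.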