Re: How to know if snort is dropping packets

[Martin Roesch <roesch () sourcefire com>]

Marc-Andre Hamelin wrote:
> Hi all,
>
> Anyone as a way to know in real time if snort is dropping packets without
> having to stop the processes and restart them ?
> Also, how about when the processes are running in daemon mode ?

Send the Snort process a SIGUSR1, if it's running on daemon mode it
prints to syslog, if it's running on the console it'll print to that
display.

     -Marty



> I have a box that runs many snort processes in daemon mode and logs on a
> central server with mysql+acid; sometime the load becomes very high on the
> sensor, so I'd like to make sure snort isn't dropping packets.
>
> Up until now, I just made some tests by starting the processes manually
> without the -D option ,and let them ran for a while. But it's not really
> useful if the network traffic is not peaking during my tests.
>
> Thanks
>
> Marc
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch () sourcefire com - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users