Re: Snort Check and Rules 'Best Practice'

[Erek Adams <erek () theadamsfamily net>]

On Thu, 14 Nov 2002, Derrick Lichti wrote:

> I'm wondering if there is a way to check and see how many packets Snort
> is dropping, if any, while it is still running. I think I might be
> losing packets but I'm not sure (ie. when MSN Messenger was spammed last
> night, multiple users were received messages and only one of them
> appeared in the Snort logs)!

Send snort a SIGUSR1 [0] and it'll dump stats and reload rules.

> And, I'm looking for the best way to update my rules but keep all the
> changes the I have made. I've seen Snortcenter, does it allow this? I've
> made many modifications to the rules themselves and I would like to
> avoid having to re-update everything individually.

Oinkmaster [1].

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


[0]     http://marc.theaimsgroup.com/?l=snort-users&m=102534142722425&w=2
        (at the very bottom)
[1]     http://www.algonet.se/~nitzer/oinkmaster/



-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users