Snort mailing list archives

RE: Is snort dropping packets

From: "Hutchinson, Andrew" <andrew.hutchinson () Vanderbilt Edu>
Date: Wed, 24 Mar 2004 10:30:14 -0600

Look in /var/log/messages right after you run this, and you should see
the status dump.

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason
Humes
Sent: Wednesday, March 24, 2004 9:08 AM
To: 'John Creegan'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Is snort dropping packets

Hi
I've done this and found the pid and sent the kill -USR1 PID and it
returned me to the prompt with nothing...should I see something after
running this command?  Thanks

-----Original Message-----
From: John Creegan [mailto:jcreegan () questarweb com] 
Sent: Tuesday, March 23, 2004 2:34 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Is snort dropping packets

If you're running snort on a UNIX or Linux box, determine the process ID
of the snort process (ps -ef | grep snort), then send it a USR1 signal
(kill -USR1 pid) where pid is the process ID of the snort instance. 
Then take a look at the last hundred lines or so from the output of
"dmsg".

Jason Humes <jhumes () acs on ca> 03/23/04 01:02PM >>>

How can I tell if my snort sensor is dropping packets due to too much
traffic, or not enough horsepower, or whatever.  Thanks

Jason 

**********************************************************************

Confidentiality Notice: 

The information contained in this e-mail and any attachments may be
legally privileged and confidential. If you are not an intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this e-mail and any attachments is strictly prohibited. If
you received this e-mail in error, please notify the sender and
permanently delete the e-mail and any attachments immediately. You
should not retain, copy or use this e-mail or any attachment for any
purpose, nor disclose all or any part of the contents to any other
person. 

Thank you. 



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any 
disclosure,copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Is snort dropping packets Jason Humes (Mar 23)
- <Possible follow-ups>
- Re: Is snort dropping packets John Creegan (Mar 23)
- RE: Is snort dropping packets Jason Humes (Mar 24)
- RE: Is snort dropping packets John Creegan (Mar 24)
- RE: Is snort dropping packets Hutchinson, Andrew (Mar 24)
  - RE: Is snort dropping packets Rodrigo B. Ramos (Mar 24)
  - Re: Is snort dropping packets Jeff (Mar 24)
- Re: Is snort dropping packets John Creegan (Mar 24)