Snort mailing list archives

Re: Is snort dropping packets

From: Jeff <jcoppock1 () comcast net>
Date: Wed, 24 Mar 2004 13:21:59 -0800

Hutchinson, Andrew, 2004-Mar-24 10:30 -0600:

Look in /var/log/messages right after you run this, and you should see
the status dump.

If you're running snort on a UNIX or Linux box, determine the process ID
of the snort process (ps -ef | grep snort), then send it a USR1 signal
(kill -USR1 pid) where pid is the process ID of the snort instance. 
Then take a look at the last hundred lines or so from the output of
"dmsg".


I'm running snort on a Linux platform logging using syslog-ng.  Is
there a way to get this status information without actually killing
the process?

jc

-- 
Jeff Coppock            Systems Engineer
Diggin' Debian          Admin and User


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Is snort dropping packets Jason Humes (Mar 23)
- <Possible follow-ups>
- Re: Is snort dropping packets John Creegan (Mar 23)
- RE: Is snort dropping packets Jason Humes (Mar 24)
- RE: Is snort dropping packets John Creegan (Mar 24)
- RE: Is snort dropping packets Hutchinson, Andrew (Mar 24)
  - RE: Is snort dropping packets Rodrigo B. Ramos (Mar 24)
  - Re: Is snort dropping packets Jeff (Mar 24)
- Re: Is snort dropping packets John Creegan (Mar 24)