Snort mailing list archives
Re: performance monitoring
From: Erik Fichtner <emf () servervault com>
Date: Sat, 29 May 2004 15:21:08 -0400
On Sat, May 29, 2004 at 01:39:01AM -0700, nt wrote:
> I am outputting the performance monitoring to a file and I would like to know
> what each column represents. Does anyone know? I plan on parsing and
> displaying it in a web page. Below is the output.
>
> 1085819494,0.000,3.6,0.3,0.9,661,117.54,9.0,7.7,8.9,8.9,159,555,55.8,0,5 9,0.0,0.0,0.0,0.0,0,0,4.7,0.9,94.4

make_snortperf_rrd.sh:

    #!/bin/sh
    # Example input line:
    # 1085604455,0.000,73.9,0.4,21.9,430,80.60,1340.4,1348.7,257.0,2399.7,991.5,967.7,24525,40918,0.0,0,1,0.3,0.5,0.2,0.2,60,0,23.4,3.4,73.3
    #
    #  1. epoch seconds,           [1085604455]
    #  2. %packets dropped,        [0.000]
    #  3. MBits/sec,               [73.9]
    #  4. alerts/sec,              [0.4]
    #  5. kpkts/sec,               [21.9]
    #  6. avg bytes/pkt,           [430]
    #  7. %bytes pattern matched,  [80.60]
    #  8. syns/sec                 [1340.4]
    #  9. synacks/sec              [1348.7]
    # 10. rsts/sec                 [257.0]   (only in emf's patch to 2.1.3rc1)
    # 11. fins/sec                 [2399.7]  (only in emf's patch to 2.1.3rc1)
    # 12. new-sessions/sec         [991.5]   (from preprocessor stream4)
    # 13. del-sessions/sec         [967.7]   ..
    # 14. total sessions open      [24525]   ..
    # 15. max sessions             [40918]   ..
    # 16. stream flushes/sec       [0.0]     ..
    # 17. stream faults/sec        [0]       ..
    # 18. stream timeouts          [1]       ..
    # 19. fragcompletes/sec        [0.3]     (from preprocessor frag2)
    # 20. fraginserts/sec          [0.5]     ..
    # 21. fragdeletes/sec          [0.2]     ..
    # 22. fragflushes/sec          [0.2]     ..
    # 23. frag timeouts            [60]      ..
    # 24. frag faults              [0]       ..
    # 25. %user CPU usage          [23.4]
    # 26. %sys CPU usage           [3.4]
    # 27. %idle CPU usage          [73.3]

    if [ x"$1" = x"" ] ; then
        echo "Usage: $0 [sensorname]";
        exit 128
    else
        # One DS per column 2..27 above, in the same order.
        # RRAs: 1-minute averages kept for 7 days, 60-minute averages for 180 days.
        rrdtool create "snortperf_${1}.rrd" --step 60 --start 01/01/2002 \
            DS:pct_pkts_dropped:GAUGE:180:U:U \
            DS:mbits_sec:GAUGE:180:U:U \
            DS:alerts_sec:GAUGE:180:U:U \
            DS:kpkts_sec:GAUGE:180:U:U \
            DS:avg_bytes_pkt:GAUGE:180:U:U \
            DS:pct_bytes_matched:GAUGE:180:U:U \
            DS:syn:GAUGE:180:U:U \
            DS:synack:GAUGE:180:U:U \
            DS:rst:GAUGE:180:U:U \
            DS:fin:GAUGE:180:U:U \
            DS:new_sessions_sec:GAUGE:180:U:U \
            DS:del_sessions_sec:GAUGE:180:U:U \
            DS:total_sessions_open:GAUGE:180:U:U \
            DS:max_sessions:COUNTER:180:U:U \
            DS:streamflushes_sec:GAUGE:180:U:U \
            DS:streamfaults_sec:GAUGE:180:U:U \
            DS:stream_timeouts:GAUGE:180:U:U \
            DS:fragcompletes_sec:GAUGE:180:U:U \
            DS:fraginserts_sec:GAUGE:180:U:U \
            DS:fragdeletes_sec:GAUGE:180:U:U \
            DS:fragflushes_sec:GAUGE:180:U:U \
            DS:frag_timeouts:GAUGE:180:U:U \
            DS:frag_faults:GAUGE:180:U:U \
            DS:user_CPU:GAUGE:180:U:U \
            DS:sys_CPU:GAUGE:180:U:U \
            DS:idle_CPU:GAUGE:180:U:U \
            RRA:AVERAGE:0:1:10080 \
            RRA:AVERAGE:0:60:4320
    fi

-- 
Erik Fichtner
Principal Engineer, Information Security, ServerVault Corp.
703-652-5900
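A feeder for the RRD created by the script above, as an added example that is not part of the original post: it turns one perfmon line into the value string for `rrdtool update` and rejects anything that is not purely numeric. The function name, the sensor name `dmz`, and the 25-field layout (an unpatched Snort simply omitting columns 10 and 11) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Converts one Snort perfmon CSV
# line into the "timestamp:v1:...:v26" argument that "rrdtool update" takes,
# in the DS order created by make_snortperf_rrd.sh.
# Assumption: an unpatched Snort omits columns 10-11 (rsts/sec, fins/sec) and
# so writes 25 fields; those two DSs are then filled with U (unknown).

perf_to_rrd_update() {
    printf '%s\n' "$1" | awk -F, '
    {
        sub(/\r$/, "")                        # tolerate CRLF line endings
        if (NF != 25 && NF != 27) exit 1      # neither known layout
        if ($1 !~ /^[0-9]+$/) exit 1          # column 1 must be epoch seconds
        out = $1
        for (i = 2; i <= NF; i++) {
            # Only plain numbers may reach the rrdtool command line.
            if ($i !~ /^-?[0-9]+(\.[0-9]+)?$/) exit 1
            # 25-field layout: pad rst and fin before new-sessions/sec.
            if (NF == 25 && i == 10) out = out ":U:U"
            out = out ":" $i
        }
        print out
    }'
}

# 27-field line quoted in the script header above.
PATCHED='1085604455,0.000,73.9,0.4,21.9,430,80.60,1340.4,1348.7,257.0,2399.7,991.5,967.7,24525,40918,0.0,0,1,0.3,0.5,0.2,0.2,60,0,23.4,3.4,73.3'
# Constructed 25-field line (sample values, not real sensor output).
STOCK='1085604515,0.000,3.6,0.3,0.9,661,17.54,9.0,7.7,8.9,8.8,159,555,0.0,0,5,0.0,0.0,0.0,0.0,0,0,4.7,0.9,94.4'

# Typical use (hypothetical sensor name "dmz"):
#   rrdtool update snortperf_dmz.rrd "$(perf_to_rrd_update "$line")"
perf_to_rrd_update "$PATCHED"
perf_to_rrd_update "$STOCK"
```

The function returns non-zero on a malformed line, so a cron or tail loop can skip that sample instead of passing it to rrdtool.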