Snort mailing list archives

Re: Snort not logging all packets


From: James Affeld <jamesaffeld () yahoo com>
Date: Tue, 8 Mar 2005 11:30:15 -0800 (PST)

Is snort running at the same time as tcpdump?  How
busy is the network and how busy is the box monitoring
it?  

If you have a sensor attached to a 100 megabit span
port on a switch with a 32 gigabit backplane, you
might well expect to miss a lot of packets.

If it's a Unix/Linux/BSD-based sensor you can run top
to get the top 10 running processes, and overall CPU
and memory usage.



Message: 6
Date: Mon, 7 Mar 2005 11:41:05 -0800 (PST)
From: sEc nErD <umkcguy1978 () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort not logging all packets


Hi all,

I am running snort on a Fedora box and I started
with a doubt that it is not logging all the packets.
I checked it with tcpdump and when I stop tcpdump I
see 90% of the packets being dropped by the kernel.
When I see /var/log/messages
I see the below error for both sniffing interfaces:

OpenPcap() device eth0 network lookup:  ^Ieth0: no IPv4 address assigned

I checked the version of libpcap running; it is
"libpcap-0.8.3-3".
Output of # uname -a:

Linux localhost.localdomain 2.6.5-1.358smp #1 SMP Sat May 8 09:25:36 EDT 2004 i686 i686 i386 GNU/Linux

If anybody could help me on this I would really
appreciate it.
Thanks all,
kaps




        
                