RE: [Snort-devel] Added Statistics Patch

["Claudio Mazzariello" <claudio.mazzariello () napoli consorzio-cini it>]

wouldn't it be useful if it reported the packet loss ratio too?

-----Original Message-----
From:   dogbert () netnevada net [mailto:dogbert () netnevada net]
Sent:   Thu 17/02/2005 23.34
To:     snort-devel () lists sourceforge net
Cc:     snort-users () lists sourceforge net
Subject:        [Snort-devel] Added Statistics Patch
Hello everyone,

   I have made some patch files which give snort some real-time statistics 
information by use of calls to LogMessage and a hourly call via the alarm() 
function.  The tarball is a attachment to this email, btw.  This patch also 
produces a end total when snort exits out of daemon mode.

This tarball will modify three files in the Snort 2.3.0 Source Tree (snort.h, 
snort.c, and util.c) and produces output which looks like this in 
my /var/log/messages file:

Feb 17 10:29:12 nermal snort: Hourly Statistics Report 
Feb 17 10:29:12 nermal snort:  
Feb 17 10:29:12 nermal snort: Packet analysis time averages: 
Feb 17 10:29:12 nermal snort:  
Feb 17 10:29:12 nermal snort: Packets Received per hour is:      1270446 
Feb 17 10:29:12 nermal snort: Packets Received per minute is:      21174 
Feb 17 10:29:12 nermal snort: Packets Received per second is:        352 
Feb 17 10:29:12 nermal snort:  
Feb 17 11:00:31 nermal snort: [119:4:1] (http_inspect) BARE BYTE UNICODE 
ENCODING {TCP} 12.169.250.2:2918 -> 172.21.2.175:80
Feb 17 11:29:12 nermal snort:  
Feb 17 11:29:12 nermal snort: Hourly Statistics Report 
Feb 17 11:29:12 nermal snort:  
Feb 17 11:29:12 nermal snort: Packet analysis time averages: 
Feb 17 11:29:12 nermal snort:  
Feb 17 11:29:12 nermal snort: Packets Received per hour is:       750001 
Feb 17 11:29:12 nermal snort: Packets Received per minute is:      12500 
Feb 17 11:29:12 nermal snort: Packets Received per second is:        208 
Feb 17 11:29:12 nermal snort:  
Feb 17 12:29:12 nermal snort:  
Feb 17 12:29:12 nermal snort: Hourly Statistics Report 
Feb 17 12:29:12 nermal snort:  
Feb 17 12:29:12 nermal snort: Packet analysis time averages: 
Feb 17 12:29:12 nermal snort:  
Feb 17 12:29:12 nermal snort: Packets Received per hour is:       758315 
Feb 17 12:29:12 nermal snort: Packets Received per minute is:      12638 
Feb 17 12:29:12 nermal snort: Packets Received per second is:        210 
Feb 17 12:29:12 nermal snort:  
Feb 17 13:29:12 nermal snort:  
Feb 17 13:29:12 nermal snort: Hourly Statistics Report 
Feb 17 13:29:12 nermal snort:  
Feb 17 13:29:12 nermal snort: Packet analysis time averages: 
Feb 17 13:29:12 nermal snort:  
Feb 17 13:29:12 nermal snort: Packets Received per hour is:       761306 
Feb 17 13:29:12 nermal snort: Packets Received per minute is:      12688 
Feb 17 13:29:12 nermal snort: Packets Received per second is:        211 
Feb 17 13:29:12 nermal snort:  
Feb 17 14:29:12 nermal snort:  
Feb 17 14:29:12 nermal snort: Hourly Statistics Report 
Feb 17 14:29:12 nermal snort:  
Feb 17 14:29:12 nermal snort: Packet analysis time averages: 
Feb 17 14:29:12 nermal snort:  
Feb 17 14:29:12 nermal snort: Packets Received per hour is:       817858 
Feb 17 14:29:12 nermal snort: Packets Received per minute is:      13630 
Feb 17 14:29:12 nermal snort: Packets Received per second is:        227 
Feb 17 14:29:12 nermal snort: 

If anyone has ideas for improvement, send me an email, or post the idea on the 
mailing list(s).

Bill





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users