Snort mailing list archives

Re: RE: [Snort-devel] Added Statistics Patch


From: Sean Brown <sblinux () shaw ca>
Date: Mon, 21 Feb 2005 17:08:12 -0700

I would like to see these types of stats exposed via snmp.

----- Original Message -----
From: Claudio Mazzariello <claudio.mazzariello () napoli consorzio-cini it>
Date: Friday, February 18, 2005 7:04 am
Subject: [Snort-users] RE: [Snort-devel] Added Statistics Patch


Wouldn't it be useful if it reported the packet loss ratio too?

-----Original Message-----
From: dogbert () netnevada net [dogbert () netnevada net]
Sent: Thu 17/02/2005 23.34
To:   snort-devel () lists sourceforge net
Cc:   snort-users () lists sourceforge net
Subject:      [Snort-devel] Added Statistics Patch

Hello everyone,

  I have made some patch files which give snort some real-time statistics
information by use of calls to LogMessage and an hourly call via the alarm()
function.  The tarball is an attachment to this email, btw.  This patch also
produces an end total when snort exits out of daemon mode.

This tarball will modify three files in the Snort 2.3.0 Source Tree (snort.h,
snort.c, and util.c) and produces output which looks like this in my
/var/log/messages file:

Feb 17 10:29:12 nermal snort: Hourly Statistics Report
Feb 17 10:29:12 nermal snort:
Feb 17 10:29:12 nermal snort: Packet analysis time averages:
Feb 17 10:29:12 nermal snort:
Feb 17 10:29:12 nermal snort: Packets Received per hour is:      1270446
Feb 17 10:29:12 nermal snort: Packets Received per minute is:      21174
Feb 17 10:29:12 nermal snort: Packets Received per second is:       352
Feb 17 10:29:12 nermal snort:
Feb 17 11:00:31 nermal snort: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING {TCP} 12.169.250.2:2918 -> 172.21.2.175:80
Feb 17 11:29:12 nermal snort:
Feb 17 11:29:12 nermal snort: Hourly Statistics Report
Feb 17 11:29:12 nermal snort:
Feb 17 11:29:12 nermal snort: Packet analysis time averages:
Feb 17 11:29:12 nermal snort:
Feb 17 11:29:12 nermal snort: Packets Received per hour is:       750001
Feb 17 11:29:12 nermal snort: Packets Received per minute is:      12500
Feb 17 11:29:12 nermal snort: Packets Received per second is:       208
Feb 17 11:29:12 nermal snort:
Feb 17 12:29:12 nermal snort:
Feb 17 12:29:12 nermal snort: Hourly Statistics Report
Feb 17 12:29:12 nermal snort:
Feb 17 12:29:12 nermal snort: Packet analysis time averages:
Feb 17 12:29:12 nermal snort:
Feb 17 12:29:12 nermal snort: Packets Received per hour is:       758315
Feb 17 12:29:12 nermal snort: Packets Received per minute is:      12638
Feb 17 12:29:12 nermal snort: Packets Received per second is:       210
Feb 17 12:29:12 nermal snort:
Feb 17 13:29:12 nermal snort:
Feb 17 13:29:12 nermal snort: Hourly Statistics Report
Feb 17 13:29:12 nermal snort:
Feb 17 13:29:12 nermal snort: Packet analysis time averages:
Feb 17 13:29:12 nermal snort:
Feb 17 13:29:12 nermal snort: Packets Received per hour is:       761306
Feb 17 13:29:12 nermal snort: Packets Received per minute is:      12688
Feb 17 13:29:12 nermal snort: Packets Received per second is:       211
Feb 17 13:29:12 nermal snort:
Feb 17 14:29:12 nermal snort:
Feb 17 14:29:12 nermal snort: Hourly Statistics Report
Feb 17 14:29:12 nermal snort:
Feb 17 14:29:12 nermal snort: Packet analysis time averages:
Feb 17 14:29:12 nermal snort:
Feb 17 14:29:12 nermal snort: Packets Received per hour is:       817858
Feb 17 14:29:12 nermal snort: Packets Received per minute is:      13630
Feb 17 14:29:12 nermal snort: Packets Received per second is:       227
Feb 17 14:29:12 nermal snort:

If anyone has ideas for improvement, send me an email, or post the idea on the
mailing list(s).

Bill





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
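
The hourly reports quoted in the original post can be consumed by a monitoring job, for instance to notice when a sensor's packets-per-hour figure falls sharply between reports. The following is an added example, not part of the thread or of the patch; `parse_reports`, `flag_drops`, the 30% threshold and the 2005 default year (syslog timestamps carry no year) are assumptions.

```python
import re
from datetime import datetime

# Sample lines taken from the syslog output quoted in the post (wrapped lines joined).
SAMPLE = """\
Feb 17 10:29:12 nermal snort: Hourly Statistics Report
Feb 17 10:29:12 nermal snort:
Feb 17 10:29:12 nermal snort: Packets Received per hour is:      1270446
Feb 17 10:29:12 nermal snort: Packets Received per minute is:      21174
Feb 17 10:29:12 nermal snort: Packets Received per second is:       352
Feb 17 11:00:31 nermal snort: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING {TCP} 12.169.250.2:2918 -> 172.21.2.175:80
Feb 17 11:29:12 nermal snort: Hourly Statistics Report
Feb 17 11:29:12 nermal snort: Packets Received per hour is:       750001
Feb 17 11:29:12 nermal snort: Packets Received per minute is:      12500
Feb 17 11:29:12 nermal snort: Packets Received per second is:       208
Feb 17 12:29:12 nermal snort: Hourly Statistics Report
Feb 17 12:29:12 nermal snort: Packets Received per hour is:       758315
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) snort:\s*(.*)$")
STAT = re.compile(r"^Packets Received per (hour|minute|second) is:\s+(\d+)$")

def parse_reports(text, year=2005):
    """Return one dict per hourly report: time, host, and any hour/minute/second counts."""
    reports = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a snort syslog line
        stamp, host, msg = m.group(1), m.group(2), m.group(3).strip()
        if msg == "Hourly Statistics Report":
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            reports.append({"time": when, "host": host})
        elif reports and (s := STAT.match(msg)):
            reports[-1][s.group(1)] = int(s.group(2))
        # alert lines and blank "snort:" lines fall through and are ignored
    return reports

def flag_drops(reports, max_drop=0.30):
    """Return (time, previous, current) where packets/hour fell by more than max_drop."""
    flagged = []
    for prev, cur in zip(reports, reports[1:]):
        if "hour" in prev and "hour" in cur and prev["hour"] > 0:
            if (prev["hour"] - cur["hour"]) / prev["hour"] > max_drop:
                flagged.append((cur["time"], prev["hour"], cur["hour"]))
    return flagged

if __name__ == "__main__":
    for when, before, after in flag_drops(parse_reports(SAMPLE)):
        print(f"{when:%b %d %H:%M} packets/hour fell {before} -> {after}")
```

A fall in received packets can come from ordinary traffic variation as well as from a sensor problem, so the threshold needs tuning against the sensor's normal hourly pattern.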



