RE: snort perf monitoring

[John Hally <JHally () epnet com>]

This should work, Thanks!

I was hoping there was an snmp hook into the snort process itself that you
could query directly, but for what I want to do you're script should fit the
bill quite nicely.  Thanks again!



-----Original Message-----
From: Andreas Östling [mailto:andreaso () it su se] 
Sent: Saturday, July 23, 2005 3:02 PM
To: John Hally
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort perf monitoring

On Fri, 22 Jul 2005, John Hally wrote:

> Hello All,
>
>
>
> I was wondering how I would go about monitoring the performance of the
snort
> process.  I think I've successfully implemented PF_RING and I guess I'm
> looking for proof that it's working the way I think it is.  I currently
have
> Ntop running using the PF_RING libpcap and it looks like it's performing
> well based on its built in perf stats on dropped packets by pcap or the
ntop
> process.  I'm just not sure if there's an easy way to do the same with
> snort.  Is there possibly an snmp hook into the process where I could grab
> stats using an mrtg/cricket like app.
>
>
>
> Thanks!

You could enable the perfmonitor preprocessor and use
http://people.su.se/~andreaso/perfmon-graph/

/Andreas


-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users