Snort mailing list archives
Addition to TimeStats module
From: "Bill Parker" <dogbert () netnevada net>
Date: Fri, 14 Oct 2005 20:46:07 -0700
Hi All,

I have added some code to the --enable-timestats code in snort >= 2.4.1 and it now produces the following output (work still in progress) once an hour to /var/log/messages:

Oct 14 19:46:03 nermal snort[5129]: Hourly Statistics Report
Oct 14 19:46:03 nermal snort[5129]:
Oct 14 19:46:03 nermal snort[5129]: Packet analysis time averages:
Oct 14 19:46:03 nermal snort[5129]:
Oct 14 19:46:03 nermal snort[5129]: Packets Received per hour is: 1026837
Oct 14 19:46:03 nermal snort[5129]: Packets Received per minute is: 17113
Oct 14 19:46:03 nermal snort[5129]: Packets Received per second is: 285
Oct 14 19:46:03 nermal snort[5129]: Packets Dropped in the last hour: 0
Oct 14 19:46:03 nermal snort[5129]:
Oct 14 19:46:03 nermal snort[5129]: Packet analysis type averages:
Oct 14 19:46:03 nermal snort[5129]:
Oct 14 19:46:03 nermal snort[5129]: TCP Packets received in the last hour: 982612
Oct 14 19:46:03 nermal snort[5129]: UDP Packets received in the last hour: 24629
Oct 14 19:46:04 nermal snort[5129]: ICMP Packets received in the last hour: 743
Oct 14 19:46:14 nermal snort[5129]: ARP Packets received in the last hour: 0
Oct 14 19:46:14 nermal snort[5129]: IPX Packets received in the last hour: 0
Oct 14 19:46:14 nermal snort[5129]: EAPOL Packets received in the last hour: 0
Oct 14 19:46:14 nermal snort[5129]: Ethernet Loopback Packets received in the last hour: 0
Oct 14 19:46:15 nermal snort[5129]: OTHER Packets received in the last hour: 18948
Oct 14 19:46:15 nermal snort[5129]: FRAG Packets received in the last hour: 27
Oct 14 19:46:15 nermal snort[5129]: DISCARD Packets received in the last hour: 0
Oct 14 19:46:15 nermal snort[5129]:

I will be adding percentage counters to the number of each type of packet received and if anyone has additional suggestions, post them on the devel or regular mailing list...

Bill Parker
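Added example, not part of the original message or of Snort's code: a Python parser for the hourly report lines quoted above that derives each packet type's share of the hourly total and a drop percentage, so a sensor that starts dropping packets can be flagged from syslog. The function names and the drop formula (dropped / (received + dropped)) are assumptions; the sample input is a subset of the lines in the message.

```python
import re

# Sample input: a subset of the report lines quoted in the message above.
SAMPLE = """\
Oct 14 19:46:03 nermal snort[5129]: Packets Received per hour is: 1026837
Oct 14 19:46:03 nermal snort[5129]: Packets Dropped in the last hour: 0
Oct 14 19:46:03 nermal snort[5129]: TCP Packets received in the last hour: 982612
Oct 14 19:46:03 nermal snort[5129]: UDP Packets received in the last hour: 24629
Oct 14 19:46:04 nermal snort[5129]: ICMP Packets received in the last hour: 743
Oct 14 19:46:14 nermal snort[5129]: Ethernet Loopback Packets received in the last hour: 0
Oct 14 19:46:15 nermal snort[5129]: OTHER Packets received in the last hour: 18948
Oct 14 19:46:15 nermal snort[5129]: FRAG Packets received in the last hour: 27
"""

# syslog prefix: "Mon DD HH:MM:SS host snort[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\ssnort\[(\d+)\]:\s?(.*)$")
TOTAL = re.compile(r"^Packets Received per hour is:\s*(\d+)$")
DROPPED = re.compile(r"^Packets Dropped in the last hour:\s*(\d+)$")
PER_TYPE = re.compile(r"^(.+?) Packets received in the last hour:\s*(\d+)$")

def parse_report(text):
    """Return {'total', 'dropped', 'types'} parsed from one hourly report."""
    report = {"total": None, "dropped": None, "types": {}}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a snort syslog line
        msg = m.group(3).strip()
        if (t := TOTAL.match(msg)):
            report["total"] = int(t.group(1))
        elif (d := DROPPED.match(msg)):
            report["dropped"] = int(d.group(1))
        elif (p := PER_TYPE.match(msg)):
            report["types"][p.group(1)] = int(p.group(2))
    return report

def summarize(report):
    """Per-type share of the hourly total (percent) and the drop percentage."""
    total = report["total"]
    if not total:  # missing or zero total: nothing to divide by
        return {"shares": {}, "drop_pct": None}
    shares = {k: round(100.0 * v / total, 2) for k, v in report["types"].items()}
    # Assumption: the received count does not already include dropped packets.
    dropped = report["dropped"] or 0
    return {"shares": shares, "drop_pct": round(100.0 * dropped / (total + dropped), 2)}

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE)))
```

The per-type counters in the quoted report sum to slightly more than the hourly total, so the shares need not add up to exactly 100.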