Re: perfmonitor and pmgraph

["Paul Melson" <pmelson () gmail com>]

Thanks Andreas.  I think my only choice is to upgrade to 2.6 and hope the
problem goes away.

In the mean time, I wound up writing a Perl script to "normalize" the drops%
field so that I can at least generate graphs that mean something.  But, I
also run `kill -USR1 [pidofsnort]` every midnight and the packet loss
statistics reported by snort to syslog are not even close to the
"normalized" perfmonitor data.  Looks like it's garbage all the way through.
:-\

PaulM 


-----Original Message-----
From: Andreas Östling [mailto:andreaso () it su se] 
Sent: Monday, September 25, 2006 8:18 AM
To: Paul Melson
Subject: Re: [Snort-users] perfmonitor and pmgraph

On Wednesday 20 September 2006 18:39, Paul Melson wrote:
> I'm trying to use pmgraph to analyze Snort 2.4 perfmonitor statistics. 
> Specifically, I am trying to troubleshoot dropped packets on a 
> moderately busy sensor.
>
> The problem I am having with the perfmonitor file is that there seem 
> to be some crazy values in the field that, as I understand it, is the 
> % of dropped packets:

Looks like a bug in the perfmonitor preprocessor, I know it has had a few
problems like that before on some platforms. The best thing is probably to
try the latest 2.6 version.

/Andreas


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users