Snort mailing list archives

FW: CPU load generated by Snort


From: "Tony Reusser" <treusser () filertel com>
Date: Fri, 19 Oct 2012 08:12:39 -0600

Here's how I do it.

Open up one ssh window to your snort box.  Type the command 'tail -f /var/log/messages'

Then in another window issue a SIGUSR1 kill signal to your snort PID:

# kill -10 [snort PID]

This will tell snort to dump its current statistics to syslog.  The tail
command conveniently shows it immediately, but it is in there to find later
if you want.  At the top of the list of stats is "packets captured / packets
analyzed / packets dropped".

Hope this helps.

                -Tony Reusser

P.S. This command doesn't actually "kill" your snort process.  It interprets
this "signal" as "dump stats and keep running."

From: Pratik Narang [mailto:pratik.cse.bits () gmail com] 
Sent: Friday, October 19, 2012 12:38 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] CPU load generated by Snort

To justify hardware needs for our IDS/IPS/Firewall setup, I need to show how
much load my present Snort setup - which is only a test bed setup - generates
on the CPU and thus justify the need of servers required.

The 'top' command in Linux shows me that Snort is using 18% of memory and 7%
of CPU (fairly low, and I only use Core 2 Duo processors).

How do I get the information on how much Snort is loaded compared to its
full capacity (a single instance of it, of course), how many packets it is
seeing per second and if it is dropping any packets (say due to some mistake
in configuration on my part)?

Thanks.
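
The procedure from the reply above (signal Snort, then read the dump from syslog), scripted as an added example that is not part of the original thread. The function names, the constructed sample lines and the "Received: / Analyzed: / Dropped:" line layout (modelled on Snort 2.9 output) are assumptions; adjust the patterns to what your version writes.

```shell
#!/bin/sh
# Added example: ask Snort for a stats dump and summarise the latest one.
# Assumption: the dump has "Received:", "Analyzed:" and "Dropped:" lines.

# Read syslog text on stdin; print "received analyzed dropped drop_pct"
# for the most recent dump. Exit status 1 if no dump was found.
latest_snort_stats() {
  awk '
    /snort\[[0-9]+\]:/ {
      for (i = 1; i < NF; i++) {
        if ($i == "Received:") recv = $(i + 1)
        if ($i == "Analyzed:") anal = $(i + 1)
        if ($i == "Dropped:") { drop = $(i + 1); seen = 1 }
      }
    }
    END {
      if (!seen) exit 1
      total = recv + drop  # assumes Received excludes dropped packets
      pct = (total > 0) ? 100 * drop / total : 0
      printf "%s %s %s %.3f\n", recv, anal, drop, pct
    }'
}

# Send SIGUSR1 (what "kill -10" means on Linux x86; the name is portable),
# give syslog a moment, then summarise. $1 overrides the log path.
dump_snort_stats() {
  snort_log=${1:-/var/log/messages}
  snort_pids=$(pgrep -x snort) || { echo "snort is not running" >&2; return 2; }
  kill -USR1 $snort_pids
  sleep 2
  latest_snort_stats < "$snort_log"
}

# Constructed sample lines (not real output): two dumps, the later one lossy.
SAMPLE_LOG='Oct 19 08:10:01 ids snort[2211]:    Received:       1000
Oct 19 08:10:01 ids snort[2211]:    Analyzed:        990 ( 99.000%)
Oct 19 08:10:01 ids snort[2211]:     Dropped:          0 (  0.000%)
Oct 19 08:12:40 ids snort[2211]:    Received:       9000
Oct 19 08:12:40 ids snort[2211]:    Analyzed:       8950 ( 99.444%)
Oct 19 08:12:40 ids snort[2211]:     Dropped:       1000 ( 10.000%)'

if [ "${1:-}" = "--live" ]; then
  dump_snort_stats "${2:-}"      # needs permission to signal snort
else
  printf '%s\n' "$SAMPLE_LOG" | latest_snort_stats
fi
```

The counters are cumulative since Snort started, so comparing two dumps taken a known interval apart gives packets per second and shows whether drops are still growing.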