Snort mailing list archives

Re: How many rules read / active?


From: "Kurzawa, Kevin" <kkurzawa () co pinellas fl us>
Date: Fri, 7 Nov 2014 10:15:10 -0500

Snort is run in daemon mode for me, as well. It logs startup messages to /var/log/messages.

Here is the output to look for.

Nov  5 16:27:24 snort[19445]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Nov  5 16:27:24 snort[19445]: Initializing rule chains...
Nov  5 16:27:24 snort[19445]: WARNING: /etc/pulledpork/rules/local(7) GID 1 SID 1000001 in rule duplicates previous rule. Ignoring old rule.
Nov  5 16:27:25 snort[19445]: 8161 Snort rules read
Nov  5 16:27:25 snort[19445]:     8139 detection rules
Nov  5 16:27:25 snort[19445]:     0 decoder rules
Nov  5 16:27:25 snort[19445]:     21 preprocessor rules
Nov  5 16:27:25 snort[19445]: 8160 Option Chains linked into 542 Chain Headers
Nov  5 16:27:25 snort[19445]: 0 Dynamic rules
Nov  5 16:27:25 snort[19445]: +++++++++++++++++++++++++++++++++++++++++++++++++++



From: test engineer [mailto:test12524 () gmail com]
Sent: Friday, November 07, 2014 9:24 AM
To: waldo kitty
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] How many rules read / active?

Thanks for your comment, Waldo.  When starting snort in daemon mode there is no screen output. The system log/messages 
file does not indicate how many rules were loaded.  I'm testing a set of 125 local rules and need to see if they loaded.

On Wed, Nov 5, 2014 at 4:38 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 11/5/2014 2:07 PM, test engineer wrote:
When running snort in daemon mode, is there a command to show how many snort
rules were loaded and are active?

the numbers are shown in the startup output of snort...

--
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
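
The startup block quoted at the top of this thread can be pulled out of syslog mechanically. The script below is an added example, not part of the original messages or of Snort itself: it reports the counts from the most recent startup block and the number of duplicate-SID warnings, which matter when checking a local rule set because each one means an earlier rule was ignored. The function names and the first two sample lines (PID 18001) are constructed; the remaining sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: summarise the most recent Snort startup block found in syslog.
# Usage on a sensor: snort_rule_summary /var/log/messages   (or pipe lines in)

snort_rule_summary() {
    awk '
    /snort\[[0-9]+\]: Initializing rule chains/ {
        # New startup: reset so that only the latest block is reported.
        total = det = dec = pre = dyn = ""; dups = 0; seen = 1
        pid = $0; sub(/.*snort\[/, "", pid); sub(/\].*/, "", pid)
        next
    }
    # Skip everything before the first startup and lines from other PIDs.
    !seen || index($0, "snort[" pid "]:") == 0 { next }
    {
        # Strip the syslog prefix and any indentation before the message.
        msg = $0; sub(/.*snort\[[0-9]+\]: */, "", msg)
        split(msg, f, " ")
    }
    msg ~ /^WARNING: .* duplicates previous/ { dups++ }
    msg ~ /^[0-9]+ Snort rules read/         { total = f[1] }
    msg ~ /^[0-9]+ detection rules/          { det = f[1] }
    msg ~ /^[0-9]+ decoder rules/            { dec = f[1] }
    msg ~ /^[0-9]+ preprocessor rules/       { pre = f[1] }
    msg ~ /^[0-9]+ Dynamic rules/            { dyn = f[1] }
    END {
        if (!seen) exit 1    # no startup block in the input
        printf "pid=%s total=%s detection=%s decoder=%s preprocessor=%s dynamic=%s duplicates=%d\n",
               pid, total, det, dec, pre, dyn, dups
    }' "$@"
}

# Sample input: the first two lines are constructed (an older startup),
# the rest is the startup block quoted in the post.
sample_log() {
    cat <<'EOF'
Nov  4 09:00:01 snort[18001]: Initializing rule chains...
Nov  4 09:00:02 snort[18001]: 8036 Snort rules read
Nov  5 16:27:24 snort[19445]: Initializing rule chains...
Nov  5 16:27:24 snort[19445]: WARNING: /etc/pulledpork/rules/local(7) GID 1 SID 1000001 in rule duplicates previous rule. Ignoring old rule.
Nov  5 16:27:25 snort[19445]: 8161 Snort rules read
Nov  5 16:27:25 snort[19445]:     8139 detection rules
Nov  5 16:27:25 snort[19445]:     0 decoder rules
Nov  5 16:27:25 snort[19445]:     21 preprocessor rules
Nov  5 16:27:25 snort[19445]: 8160 Option Chains linked into 542 Chain Headers
Nov  5 16:27:25 snort[19445]: 0 Dynamic rules
EOF
}

sample_log | snort_rule_summary
```

A non-zero `duplicates` value means the loaded total will be lower than the number of rule lines in the files, so compare against the count of unique GID/SID pairs.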
