Snort mailing list archives

Re: snort.stats key-value mapping


From: Juan Jesus Prieto <jjprieto () redborder org>
Date: Mon, 13 Apr 2015 09:59:07 +0200

Hi Karolis,

  Could you attach a stat file content example? Every key should be
accompanied by its corresponding value, one to one.

Regards.

On Thu, 09-04-2015 at 19:46 +0300, Karolis wrote:
Hi Juan,


Thanks for the reply. I have got the same associative array, but can I rely on
it?
As I mentioned, there are 96 keys and 131 values in the snort.stats
file.
How do you know that the first 96 keys correspond to the first 96 values
in a one-to-one relationship and only the last values are missing keys?
Can it be that there are gaps in the key-value pairs, e.g. key 10 corresponds
to value 12?


Karolis 






On Mon, Apr 6, 2015 at 11:14 AM, Juan Jesus Prieto
<jjprieto () redborder org> wrote:

        Hi Karolis,
        
          The manual is out of date at this point. I use scripting to
        dynamically map these pairs. For example:
        
        
        # declare -A v; \
        keys=( $(head /var/log/snort/snort.stats -n2 | tail -n1 | sed 's/^#//' | tr ',' ' ') ); \
        count=0; \
        for n in $(tail /var/log/snort/snort.stats -n1 | tr ',' ' '); do \
           v[${keys[$count]}]=$n; \
           count=$(($count+1)); \
           done; \
        echo "stream5_mem_in_use: ${v['stream5_mem_in_use']}"; \
        echo "curr_tcp_sessions_established: ${v['curr_tcp_sessions_established']}"
        stream5_mem_in_use: 13950060
        curr_tcp_sessions_established: 5195
        
        
        
        This small script will map all key/value pairs into a hash
        (named 'v') and present the last values from the stats file
        (stream5_mem_in_use and curr_tcp_sessions_established in this
        example).
        
        Another option is to use my SNMP passthrough agent:
        
        https://github.com/redBorder/rb_snmp_pass
        
        You will need to adapt it for your case.
        
        
        
        On Tue, 31-03-2015 at 10:03 +0300, Karolis wrote:
        
        > Hi,
        > 
        > I am trying to map perfmonitor preprocessors statistics keys
        > to values.
        > 
        > 
        > config:
        > preprocessor perfmonitor: time 300
        > file /nsm/sensor_data/"sensor-name"/snort.stats pktcnt 10000
        > 
        > 
        > 
        > snort manual states "There are over 100 individual
        > statistics included. A header line is output at startup and
        > rollover that labels each column." although only 75 keys are
        > listed.
        > 
        > 
        > snort.stats file has 96 keys and 131 values.
        > 
        > 
        > How can I correctly map keys to values?
        > 
        > 
        > Karolis
        > 
        > 
        > 
        > 
        > 
        > 
        > 
        > ------------------------------------------------------------------------------
        > Dive into the World of Parallel Programming The Go Parallel Website, sponsored
        > by Intel and developed in partnership with Slashdot Media, is your hub for all
        > things parallel software development, from weekly thought leadership blogs to
        > news, videos, case studies, tutorials and more. Take a look and join the 
        > conversation now. http://goparallel.sourceforge.net/
        > _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge 
net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit 
http://blog.snort.org to stay current on all the latest Snort news!
        
        
        
        
        
        ------------------------------------------------------------------------------
        BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
        Develop your own process in accordance with the BPMN 2
        standard
        Learn Process modeling best practices with Bonita BPM through
        live exercises
        http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
        source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
        _______________________________________________
        Snort-users mailing list
        Snort-users () lists sourceforge net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
        
        Please visit http://blog.snort.org to stay current on all the
        latest Snort news!
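
Added example, not part of the original thread or of any poster's code: a count-checked version of the positional mapping done by the script quoted above. It reports the case raised in the thread (more values than keys) instead of assuming which columns are unnamed. The function names, the `unnamed_col_N` labels and the sample file are constructed for illustration, and it assumes the header is the most recent `#` line that contains commas.

```shell
#!/bin/sh
# Added example (not from the thread). Pairs each header name with the value
# in the same column of the newest data row and reports a count mismatch.

# Constructed sample, not real Snort output: 3 named columns, 5 values.
write_sample() {
    cat > "$1" <<'EOF'
#constructed perfmonitor sample
#time,stream5_mem_in_use,curr_tcp_sessions_established
1428911700,13900000,5100
1428912000,13950060,5195,42,7
EOF
}

# map_last_stats FILE
# Prints name=value per column. Exit status: 0 counts match, 1 key/value
# counts differ (extra values are labelled unnamed_col_N), 2 no data row.
map_last_stats() {
    awk -F',' '
        /^#/ {
            line = $0
            sub(/^#+[ \t]*/, "", line)
            n = split(line, tmp, ",")
            # Assumption: a "#" line with commas is a header; newest one wins.
            if (n > 1) { nkeys = n; for (i = 1; i <= n; i++) keys[i] = tmp[i] }
            next
        }
        NF > 1 { nvals = split($0, vals, ",") }   # keep only the latest row
        END {
            if (nvals == 0) exit 2
            for (i = 1; i <= nvals; i++)
                printf "%s=%s\n", (i <= nkeys ? keys[i] : "unnamed_col_" i), vals[i]
            if (nvals != nkeys) exit 1
        }' "$1"
}

stats=$(mktemp)
write_sample "$stats"
map_last_stats "$stats" || echo "status $?: key and value counts differ" >&2
rm -f "$stats"
```

A non-zero status means the positional names for that row should not be trusted until the header and the data row are compared by hand.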




