Snort mailing list archives
Re: Snort Packet Stats
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 10 Jan 2002 16:40:44 -0500
Send the snort PID a SIGUSR1 and it'll dump stats to the console
(console mode) or syslog (daemon mode).
-Marty
Matt Jonkman wrote:
We're working on our own homegrown snort back-end and want to really
concentrate on having detailed live and trending stats for each sensor.
Is there a way to get the stats that snort dumps when you ^C a non-daemon
instance when you are running as a daemon? If not, is there another source of
the running stats we can grab and trend?
Thanks
Matt
I.e., these stats:
===============================================================================
Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets
Breakdown by protocol: Action Stats:
TCP: 2494 (41.332%) ALERTS: 0
UDP: 108 (1.790%) LOGGED: 0
ICMP: 0 (0.000%) PASSED: 0
ARP: 0 (0.000%)
IPv6: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 102 (1.690%)
DISCARD: 0 (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0 (0.000%)
Fragment Trackers: 0
Rebuilt IP Packets: 0
Frag elements used: 0
Discarded(incomplete): 0
Discarded(timeout): 0
Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
TCP Packets Used: 0 (0.000%)
Stream Trackers: 0
Stream flushes: 0
Segments used: 0
Stream4 Memory Faults: 0
===============================================================================
Snort received signal 2, exiting
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
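For the per-sensor trending described in the question, the dump triggered by SIGUSR1 can be requested and parsed along the following lines. This is an added example, not code from the thread or from Snort: the function names are hypothetical, the sample is a trimmed copy of the stats block quoted above, and it assumes that in daemon mode each line may arrive with a log prefix in front of it.

```python
import os
import re
import signal

# Trimmed copy of the stats block quoted in the message above.
SAMPLE = """\
Snort analyzed 4444 out of 6034 packets, dropping 1590(26.351%) packets
Breakdown by protocol: Action Stats:
TCP: 2494 (41.332%) ALERTS: 0
UDP: 108 (1.790%) LOGGED: 0
OTHER: 102 (1.690%)
Fragmented IP Packets: 0 (0.000%)
Discarded(incomplete): 0
Stream4 Memory Faults: 0
"""

SUMMARY = re.compile(
    r"Snort analyzed (\d+) out of (\d+) packets, dropping (\d+)\(([\d.]+)%\)")
# "Label: 123" with an optional "(1.234%)". Unanchored, so two counters on
# one line and any log prefix in front of them (an assumption) both work.
COUNTER = re.compile(r"([A-Za-z][A-Za-z0-9 ()]*?):\s+(\d+)(?:\s+\(([\d.]+)%\))?")


def request_stats_dump(pid):
    """Send SIGUSR1 to a running Snort process, as the reply describes."""
    os.kill(pid, signal.SIGUSR1)


def parse_stats(text):
    """Return {'summary': {...} or None, 'counters': {label: (count, pct)}}."""
    stats = {"summary": None, "counters": {}}
    for line in text.splitlines():
        m = SUMMARY.search(line)
        if m:
            analyzed, total, dropped = (int(g) for g in m.group(1, 2, 3))
            stats["summary"] = {"analyzed": analyzed, "total": total,
                                "dropped": dropped, "drop_pct": float(m.group(4))}
            continue
        for label, count, pct in COUNTER.findall(line):
            stats["counters"][label] = (int(count), float(pct) if pct else None)
    return stats


def drop_rate(summary):
    """Recompute the drop percentage from raw counts, for trending."""
    return 100.0 * summary["dropped"] / summary["total"] if summary["total"] else 0.0


if __name__ == "__main__":
    print(parse_stats(SAMPLE))
```

Recomputing the drop rate from the raw counts gives a trendable figure per sensor; a 26% drop rate like the one in the sample means the sensor missed roughly a quarter of the traffic it was meant to inspect.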
