RE: Is snort dropping packets

[Jason Humes <jhumes () acs on ca>]

Hi
I've done this and found the pid and sent the kill -USR1 PID and it returned
me to the prompt with nothing...should I see something after running this
command?  Thanks

-----Original Message-----
From: John Creegan [mailto:jcreegan () questarweb com] 
Sent: Tuesday, March 23, 2004 2:34 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Is snort dropping packets


If you're running snort on a UNIX or Linux box, determine the process ID of
the snort process (ps -ef | grep snort), then send it a USR1 signal (kill
-USR1 pid) where pid is the process ID of the snort instance. 
Then take a look at the last hundred lines or so from the output of "dmsg".

> > > Jason Humes <jhumes () acs on ca> 03/23/04 01:02PM >>>
How can I tell if my snort sensor is dropping packets due to too much
traffic, or not enough horsepower, or whatever.  Thanks

Jason 

**********************************************************************

Confidentiality Notice: 

The information contained in this e-mail and any attachments may be legally
privileged and confidential. If you are not an intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
e-mail and any attachments is strictly prohibited. If you received this
e-mail in error, please notify the sender and permanently delete the e-mail
and any attachments immediately. You should not retain, copy or use this
e-mail or any attachment for any purpose, nor disclose all or any part of
the contents to any other person. 

Thank you. 



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo
technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient, you should
delete this message and are hereby notified that any 
disclosure,copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo
technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users