[Snort-users] Stupid Question
| Bell, Josh 2004-05-11, 11:43 pm |
| When I run Snort manually (non-daemon mode), let it go for a while, then
stop it, I get a nice summary screen telling me (among other things) how
many packets are being dropped. I periodically stop Snort and run it
manually for 10-15 minutes just to see this summary screen. On a
gigabit link, the packet loss is usually around 1-3%, but I've seen it
as high as 40%.
Is there any way to get this same information on the fly when Snort is
running in daemon mode? Possibly even how much is being lost over time?
-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpre...From=osdnemail3
________________________________________
_______
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists...nfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf....ist=snort-users
| |
| AJ Butcher, Information Systems and Computing 2004-05-12, 3:51 am |
|
--On 11 May 2004 23:56 -0400 "larosa, vjay" <larosa_vjay@emc.com> wrote:
> kill -SIGUSR1 I believe. But personally I like (no LOVE) the perfstats
> output.
Seconded.
I also use <http://people.su.se/~andreaso/perfmon-graph/> to get pretty
pictures from perfstat's logs.
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
| |
| Lee Brotherston 2004-09-22, 10:25 pm |
| Andy wrote:
> Am I sending to the correct email address snort-users@lists.sourceforge.net
> ?
>
> As a response, I keep getting the email below, but my posts go through.
> WTF?
>
> Please tell me if I'm a dork.....
Looks like your posts are getting through to the list... But one of the
addresses subscribed to the list no longer exists, is filtered, etc.
You are getting the bounce from that one mailbox, not the list itself.
Cheers
Lee
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
| |
| Edin Dizdarevic 2004-09-22, 10:25 pm |
|
Lee Brotherston wrote:
> Andy wrote:
>
>
>
> Looks like your posts are getting through to the list... But one of the
> addresses subscribed to the list no longer exists, is filtered, etc. You
> are getting the bounce from that one mailbox, not the list itself.
>
> Cheers
>
> Lee
>
Yes, in fact everybody on the list gets these mails, which is quite
annoying, in fact...
Regards,
Edin
--
Edin Dizdarevic
| |
| Matt Kettler 2004-09-22, 10:25 pm |
| At 11:05 PM 9/18/2004, Andy wrote:
>Am I sending to the correct email address snort-users@lists.sourceforge.net
>?
>
>As a response, I keep getting the email below, but my posts go through.
>WTF?
>
>Please tell me if I'm a dork.....
I can't tell you if you're a dork or not, but I can tell you this
particular issue isn't your problem.
You are sending to the correct address. The bounce message you're getting
is some imbecile with a misconfigured mailserver that bounces mail to the
From: address instead of using the envelope Return-Path:.
You'd think on a security list people would at least know how to configure
a mailserver to safely and properly handle message failure. Guess not, as
there's a lot of misconfigured mailservers on this list...
I generally take the step of 550'ing the whole server and the offending
address for a couple weeks as a defensive measure.
From my /etc/mail/access:
200.249.204.129 550 mail systems with broken bounces are not welcome here
postmaster@ipadnet.com.br 550 mail systems with broken bounces are not welcome here
It's a bit extreme, but if they are sufficiently misconfigured to bounce
mail to the From header address, they are likely to be able to produce mail
loops as well, and I don't want to be a part of it.
(Note: I could firewall the server, but by using MTA layer 550's at least
they know why I'm blocking them)
| |
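The bounce-addressing point raised in the message above, as an added example that is not part of the original thread: a failure notice belongs to the envelope sender recorded in Return-Path:, never to the From: header, and a null reverse-path must not be bounced at all. The sample messages, the example.* addresses and both function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list post as delivered to a subscriber. The poster is
# in From:, the list's bounce handler is the envelope sender (Return-Path:).
LIST_POST = """\
Return-Path: <snort-users-bounces@lists.example.org>
From: Andy <andy@poster.example.net>
To: snort-users@lists.example.org
Subject: [Snort-users] Stupid Question

Am I sending to the correct address?
"""

# Constructed sample: a bounce. Its envelope sender is the null reverse-path
# "<>", so it must never trigger another bounce (this is what stops loops).
BOUNCE = """\
Return-Path: <>
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.com>
To: snort-users-bounces@lists.example.org
Subject: Returned mail: User unknown

Recipient does not exist.
"""


def correct_bounce_target(raw):
    """Address a failure notice should go to, or None if none may be sent."""
    msg = message_from_string(raw)
    return_path = msg.get("Return-Path")
    if return_path is None:
        return None  # envelope sender unknown: do not guess from headers
    addr = parseaddr(return_path)[1]
    return addr or None  # "<>" parses to "", meaning: do not bounce


def broken_bounce_target(raw):
    """What the misconfigured server does: reply to the From: header."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1] or None


if __name__ == "__main__":
    for name, raw in (("list post", LIST_POST), ("bounce", BOUNCE)):
        print(name, "correct:", correct_bounce_target(raw),
              "broken:", broken_bounce_target(raw))
```

For the list post, the broken behaviour sends the failure notice to the poster instead of the list's bounce handler; for the bounce, it answers MAILER-DAEMON where the correct handling sends nothing.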
| Edin Dizdarevic 2004-09-22, 10:25 pm |
|
Matt Kettler wrote:
> (Note: I could firewall the server, but by using MTA layer 550's at
> least they know why I'm blocking them)
Good work... ;) wonder if somebody ever takes a look at the maillog.
Probably not.
Regards,
Edin
--
Edin Dizdarevic