Thanks Andreas. I think my only choice is to upgrade to 2.6 and hope the
problem goes away.
In the mean time, I wound up writing a Perl script to "normalize" the drops%
field so that I can at least generate graphs that mean something. But, I
also run `kill -USR1 [pidofsnort]` every midnight and the packet loss
statistics reported by snort to syslog are not even close to the
"normalized" perfmonitor data. Looks like it's garbage all the way through.
:-\
PaulM
-----Original Message-----
From: Andreas Östling [mailto:andreaso@it.su.se]
Sent: Monday, September 25, 2006 8:18 AM
To: Paul Melson
Subject: Re: [Snort-users] perfmonitor and pmgraph
On Wednesday 20 September 2006 18:39, Paul Melson wrote:
I'm trying to use pmgraph to analyze Snort 2.4 perfmonitor statistics.
Specifically, I am trying to troubleshoot dropped packets on a
moderately busy sensor.
The problem I am having with the perfmonitor file is that there seem
to be some crazy values in the field that, as I understand it, is the
% of dropped packets:
Looks like a bug in the perfmonitor preprocessor, I know it has had a few
problems like that before on some platforms. The best thing is probably to
try the latest 2.6 version.
/Andreas
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
