I dropped by the snort forum and couldn’t keep my hands off..
Here are some basic Munin plugins for Snort that graph its perfmon output (enable the perfmonitor preprocessor in snort.conf).
The snort.conf entry should look something like:
preprocessor perfmonitor: time 300 file /your/path/to/snort.stats pktcnt 5000
(Read the snort docs for more info on performance issues etc.)
Drop Rate:
http://download.gamelinux.org/snort/snort_drop_rate
Pattern Matching:
http://download.gamelinux.org/snort/snort_pattern_match
Traffic speed:
http://download.gamelinux.org/snort/snort_traffic
Alerts:
http://download.gamelinux.org/snort/snort_alerts
Avg KBytes/pkt:
http://download.gamelinux.org/snort/snort_bytes_pkt
Avg Pkts/sec:
http://download.gamelinux.org/snort/snort_pkts
Edit any one of them to graph whatever you want from the perfmon output. It should be easy!
And now I will test them myself!
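What such a plugin boils down to, as an added example (this is not one of the plugins linked above): it answers munin's "config" call with graph metadata and otherwise prints the newest value of one CSV column from snort.stats. The STATS_FILE and COLUMN variables, the thresholds, and the assumption that field 2 holds the drop rate are illustrative; check the column order written by your Snort version.

```shell
#!/bin/sh
# Added example: minimal munin plugin that graphs one column of Snort's
# perfmonitor CSV. Path and column number are assumptions; override them
# with env.STATS_FILE / env.COLUMN in the munin plugin configuration.
STATS_FILE="${STATS_FILE:-/your/path/to/snort.stats}"
COLUMN="${COLUMN:-2}"   # assumed: field 1 = unix time, field 2 = drop rate (%)

# Print field $2 of the newest data line in file $1, or "U" (munin's
# "unknown") when the file is unreadable, has no data, or the field is
# not a plain number. Header/comment lines starting with '#' are skipped.
perfmon_field() {
    [ -r "$1" ] || { echo U; return 0; }
    awk -F, -v col="$2" '
        /^#/ || NF < col { next }
        { val = $col }
        END {
            gsub(/[ \t\r]/, "", val)
            if (val ~ /^-?[0-9]+(\.[0-9]+)?$/) print val; else print "U"
        }' "$1"
}

# munin calls the plugin with "config" to learn the graph metadata,
# and with no argument on every poll to fetch the current value.
munin_plugin() {
    case "$1" in
        config)
            echo "graph_title Snort drop rate"
            echo "graph_category snort"
            echo "graph_vlabel % packets dropped"
            echo "graph_args --base 1000 -l 0"
            echo "drop.label Drop rate"
            echo "drop.warning 1"      # constructed thresholds, tune locally
            echo "drop.critical 5"
            ;;
        *)
            echo "drop.value $(perfmon_field "$STATS_FILE" "$COLUMN")"
            ;;
    esac
}

munin_plugin "$@"
```

Reporting "U" instead of 0 when the stats file is missing or stale keeps a dead sensor from looking like a sensor with no drops.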
Update:
Here is a picture to give you an idea of how the graphs look:
http://download.gamelinux.org/snort/Snort-Munin-Plugins.png
---
"Measure, don't speculate" -- Unknown
"Premature optimization is the root of all evil" -- Tony Hoare